RE: Can adding users be disabled.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

You can read the ideology of SELinux and the reasons for the existence of this technology.
I'm afraid that we're going beyond the topic.

I will say the main thing - this technology is quite popular.

Sometimes (rarely) the policy restricts the company's system administrator and has a security administrator.
The same situation with database management systems in the past 6 years.

In any case, the question the author's theme is the answer - SELinux. Even if the technology is controversial.
The technical solution instead the holy war of idealogy :)

Good Luck!

AT

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Marti, Robert
Sent: Tuesday, February 09, 2010 3:38 PM
To: General Red Hat Linux discussion list
Subject: Re: Can adding users be disabled.

The question needs to be asked - if you can't trust root, who can you trust?

Sent from my iPhone

On Feb 9, 2010, at 6:34, "TYURIN Aleksey"
<Aleksey.TYURIN@xxxxxxxxxxxxx> wrote:

> Yes, you can use simple methods: "rm /usr/sbin/useradd" or "chmod a- x
> /usr/sbin/useradd". But this only disable, but not deny.
> root-user can copy "useradd" binary file from another server and set
> execute bit.
>
> SELinux can deny operation useradd even for the root-user.
> Restart the server, in my opinion, is not required. But the need to
> restart several services and remounting of file systems.
>
> Good luck!
>
>
> AT
>
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-
> bounces@xxxxxxxxxx] On Behalf Of Rohit khaladkar
> Sent: Tuesday, February 09, 2010 2:48 PM
> To: General Red Hat Linux discussion list
> Subject: Re: Can adding users be disabled.
>
> Thanks Dustin! This worked like a charm!
>
> Tyurin, I cannot reboot the server right now , so was not able to try
> the selinux stuff. But I'll try that definitely.
>
> Thanks!
> Rohit Khaladkar.
>
> On Tue, Feb 9, 2010 at 4:49 PM, Dustin Larmeir <dustin@xxxxxxxxxxx>
> wrote:
>
>> You can find the binary and chmod it to 000 and then use chattr -i,
>> That would stop it. - Dustin
>>
>> -----Original Message-----
>> From: redhat-list-bounces@xxxxxxxxxx [mailto:
>> redhat-list-bounces@xxxxxxxxxx]
>> On Behalf Of Rohit khaladkar
>> Sent: Tuesday, February 09, 2010 4:11 AM
>> To: General Red Hat Linux discussion list
>> Subject: Can adding users be disabled.
>>
>> Hi All,
>> Can we disable adding users command "useradd" even for the root
>> user..?
>>
>>
>>
>> --
>> Thanks!
>> Rohit Khaladkar
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>
>
> --
> Thanks!
> Rohit Khaladkar
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> -----------------------------------
> This message and any attachment are confidential and may be privileged
> or otherwise protected from disclosure.  If you are not the intended
> recipient any use, distribution, copying or disclosure is strictly
> prohibited. If you have received this message in error, please notify
> the sender immediately either by telephone or by e-mail and delete
> this message and any attachment from your system. Correspondence via
> e-mail is for information purposes only.
> ZAO Raiffeisenbank neither makes nor accepts legally binding
> statements by e-mail unless otherwise agreed.
> -----------------------------------
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

-----------------------------------
This message and any attachment are confidential and may be privileged or otherwise protected from disclosure.  If you are not the intended recipient any use, distribution, copying or disclosure is strictly prohibited. If you have
received this message in error, please notify the sender immediately either by telephone or by e-mail and delete  this message and any attachment from your system. Correspondence via e-mail is for information purposes only.
 ZAO Raiffeisenbank neither makes nor accepts legally binding statements by e-mail unless otherwise agreed.
-----------------------------------

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux