Re: Can adding users be disabled.

[mark <m.roth@xxxxxxxxx>]

Marti, Robert wrote:
> The question needs to be asked - if you can't trust root, who can you  
> trust?
Or, for that matter, you could just rm /usr/sbin/useradd... but root can 
manually create a user with no problem at all... lessee, edit /etc/passwd, 
create the home directory, set permissions, add to /etc/groups....

Why do you think you need to keep the root account from creating users?

	mark
> Sent from my iPhone
>
> On Feb 9, 2010, at 6:34, "TYURIN Aleksey"  
> <Aleksey.TYURIN@xxxxxxxxxxxxx> wrote:
>
> > Yes, you can use simple methods: "rm /usr/sbin/useradd" or "chmod a- 
> > x /usr/sbin/useradd". But this only disable, but not deny.
> > root-user can copy "useradd" binary file from another server and set  
> > execute bit.
> >
> > SELinux can deny operation useradd even for the root-user.
> > Restart the server, in my opinion, is not required. But the need to  
> > restart several services and remounting of file systems.
> >
> > Good luck!
> >
> >
> > AT
> >
> > -----Original Message-----
> > From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list- 
> > bounces@xxxxxxxxxx] On Behalf Of Rohit khaladkar
> > Sent: Tuesday, February 09, 2010 2:48 PM
> > To: General Red Hat Linux discussion list
> > Subject: Re: Can adding users be disabled.
> >
> > Thanks Dustin! This worked like a charm!
> >
> > Tyurin, I cannot reboot the server right now , so was not able to  
> > try the selinux stuff. But I'll try that definitely.
> >
> > Thanks!
> > Rohit Khaladkar.
> >
> > On Tue, Feb 9, 2010 at 4:49 PM, Dustin Larmeir <dustin@xxxxxxxxxxx>  
> > wrote:
> >
> > > You can find the binary and chmod it to 000 and then use chattr -i,
> > > That would stop it. - Dustin
> > >
> > > -----Original Message-----
> > > From: redhat-list-bounces@xxxxxxxxxx [mailto:
> > > redhat-list-bounces@xxxxxxxxxx]
> > > On Behalf Of Rohit khaladkar
> > > Sent: Tuesday, February 09, 2010 4:11 AM
> > > To: General Red Hat Linux discussion list
> > > Subject: Can adding users be disabled.
> > >
> > > Hi All,
> > > Can we disable adding users command "useradd" even for the root  
> > > user..?
> > >
> > >
> > >
> > > --
> > > Thanks!
> > > Rohit Khaladkar
> > > --
> > > redhat-list mailing list
> > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> > >
> > > --
> > > redhat-list mailing list
> > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> >
> > --
> > Thanks!
> > Rohit Khaladkar
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> > -----------------------------------
> > This message and any attachment are confidential and may be  
> > privileged or otherwise protected from disclosure.  If you are not  
> > the intended recipient any use, distribution, copying or disclosure  
> > is strictly prohibited. If you have
> > received this message in error, please notify the sender immediately  
> > either by telephone or by e-mail and delete  this message and any  
> > attachment from your system. Correspondence via e-mail is for  
> > information purposes only.
> > ZAO Raiffeisenbank neither makes nor accepts legally binding  
> > statements by e-mail unless otherwise agreed.
> > -----------------------------------
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list


--
The 21st Century Republican Party: "with malice toward all, and charity toward 
none."

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list