Hi! I asked this question because there is a customer who has implemented this rule (I know sounds weird and I do not know the reason) and I wanted to reproduce the same setup Thanks all for the inputs! Helped me a great deal! Thanks! Rohit Khaladkar On Tue, Feb 9, 2010 at 10:17 PM, mark <m.roth@xxxxxxxxx> wrote: > Marti, Robert wrote: > >> The question needs to be asked - if you can't trust root, who can you >> trust? >> >> Or, for that matter, you could just rm /usr/sbin/useradd... but root can > manually create a user with no problem at all... lessee, edit /etc/passwd, > create the home directory, set permissions, add to /etc/groups.... > > Why do you think you need to keep the root account from creating users? > > mark > > Sent from my iPhone >> >> On Feb 9, 2010, at 6:34, "TYURIN Aleksey" <Aleksey.TYURIN@xxxxxxxxxxxxx> >> wrote: >> >> Yes, you can use simple methods: "rm /usr/sbin/useradd" or "chmod a- x >>> /usr/sbin/useradd". But this only disable, but not deny. >>> root-user can copy "useradd" binary file from another server and set >>> execute bit. >>> >>> SELinux can deny operation useradd even for the root-user. >>> Restart the server, in my opinion, is not required. But the need to >>> restart several services and remounting of file systems. >>> >>> Good luck! >>> >>> >>> AT >>> >>> -----Original Message----- >>> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list- >>> bounces@xxxxxxxxxx] On Behalf Of Rohit khaladkar >>> Sent: Tuesday, February 09, 2010 2:48 PM >>> To: General Red Hat Linux discussion list >>> Subject: Re: Can adding users be disabled. >>> >>> Thanks Dustin! This worked like a charm! >>> >>> Tyurin, I cannot reboot the server right now , so was not able to try >>> the selinux stuff. But I'll try that definitely. >>> >>> Thanks! >>> Rohit Khaladkar. >>> >>> On Tue, Feb 9, 2010 at 4:49 PM, Dustin Larmeir <dustin@xxxxxxxxxxx> >>> wrote: >>> >>> You can find the binary and chmod it to 000 and then use chattr -i, >>>> That would stop it. - Dustin >>>> >>>> -----Original Message----- >>>> From: redhat-list-bounces@xxxxxxxxxx [mailto: >>>> redhat-list-bounces@xxxxxxxxxx] >>>> On Behalf Of Rohit khaladkar >>>> Sent: Tuesday, February 09, 2010 4:11 AM >>>> To: General Red Hat Linux discussion list >>>> Subject: Can adding users be disabled. >>>> >>>> Hi All, >>>> Can we disable adding users command "useradd" even for the root user..? >>>> >>>> >>>> >>>> -- >>>> Thanks! >>>> Rohit Khaladkar >>>> -- >>>> redhat-list mailing list >>>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >>>> https://www.redhat.com/mailman/listinfo/redhat-list >>>> >>>> -- >>>> redhat-list mailing list >>>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >>>> https://www.redhat.com/mailman/listinfo/redhat-list >>>> >>>> >>> >>> -- >>> Thanks! >>> Rohit Khaladkar >>> -- >>> redhat-list mailing list >>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >>> https://www.redhat.com/mailman/listinfo/redhat-list >>> >>> ----------------------------------- >>> This message and any attachment are confidential and may be privileged >>> or otherwise protected from disclosure. If you are not the intended >>> recipient any use, distribution, copying or disclosure is strictly >>> prohibited. If you have >>> received this message in error, please notify the sender immediately >>> either by telephone or by e-mail and delete this message and any >>> attachment from your system. Correspondence via e-mail is for information >>> purposes only. >>> ZAO Raiffeisenbank neither makes nor accepts legally binding statements >>> by e-mail unless otherwise agreed. >>> ----------------------------------- >>> >>> -- >>> redhat-list mailing list >>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >>> https://www.redhat.com/mailman/listinfo/redhat-list >>> >> >> > > -- > The 21st Century Republican Party: "with malice toward all, and charity > toward none." > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- Thanks! Rohit Khaladkar -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
