[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Re: [Qube2] Admin Account/changing admin login and security
- Subject: Re: [cobalt-security] Re: [Qube2] Admin Account/changing admin login and security
- From: Mike Vanecek <nospam99@xxxxxxxxxxxx>
- Date: Tue, 13 Jun 2000 15:36:37 -0500
- Organization: anonymous
On Mon, 12 Jun 2000 14:32:41 -0700, Diana Brake <diana@xxxxxxxxxxxxx> wrote:
/snip/
:>I've been thinking about your question...the way cobalt requires the admin
:>and tying admin and root passwords together. NOTE: I have a RaQ2 NOT an
:>Qube2. Maybe this will work for you anyway.
OK, it is along the lines I am thinking about; although the Qube2 does not
have site admins.
/snip/
:>Now to your question. Since I don't use admin for anything except base
:>server administration, but everyone who knows anything about cobalt knows
:>admin shares the root password, I figured, take admin out of the wheel line
:>in the group file. I placed one of my secondary (for lack of a better
:>description) admin IDs in the wheel group instead. I can still telnet in as
My system is awaiting the arrival of a restore CD, but I will look at this
when I start rebuilding. I do not remember any userids in the wheel groups,
but ...
:>admin...using the current/proper password. BUT, admin can't su to root now.
:>The passwords are still the same...but someone would have to "guess" what
:>ID I've designated to be able to su -. My admin CAN su newadminID...who
:>can then su root...but nobody but me knows which ID I've allowed this
:>privilege. GUI still works. Telnet still works. (I am the ONLY one on the
:>whole system with telnet privileges). So, I "feel" that I've partially
:>protected myself anyway.
My thoughts too. Just reduce the exposure at one more weak point. It does not
guarantee anything, just shuts one more door a bit more.
:> Again, the newbie that I am, I may be fooling
:>myself...*grin...and I do still intend to install the SSH program and shut
:>off the telnet port.
High on my priority list too.
:>I hope that helps and anyone, please point out inaccuracies or fallacies in
:>my thinking. I didn't describe all the steps required so if this would help
:>anyone, I will do this when asked.
As soon as I am back up, I may send you a private request for exact details if
I cannot figure it out myself. Thank you for the offer of help.