Re: Can adding users be disabled.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The question needs to be asked - if you can't trust root, who can you  
trust?

Sent from my iPhone

On Feb 9, 2010, at 6:34, "TYURIN Aleksey"  
<Aleksey.TYURIN@xxxxxxxxxxxxx> wrote:

> Yes, you can use simple methods: "rm /usr/sbin/useradd" or "chmod a- 
> x /usr/sbin/useradd". But this only disable, but not deny.
> root-user can copy "useradd" binary file from another server and set  
> execute bit.
>
> SELinux can deny operation useradd even for the root-user.
> Restart the server, in my opinion, is not required. But the need to  
> restart several services and remounting of file systems.
>
> Good luck!
>
>
> AT
>
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list- 
> bounces@xxxxxxxxxx] On Behalf Of Rohit khaladkar
> Sent: Tuesday, February 09, 2010 2:48 PM
> To: General Red Hat Linux discussion list
> Subject: Re: Can adding users be disabled.
>
> Thanks Dustin! This worked like a charm!
>
> Tyurin, I cannot reboot the server right now , so was not able to  
> try the selinux stuff. But I'll try that definitely.
>
> Thanks!
> Rohit Khaladkar.
>
> On Tue, Feb 9, 2010 at 4:49 PM, Dustin Larmeir <dustin@xxxxxxxxxxx>  
> wrote:
>
>> You can find the binary and chmod it to 000 and then use chattr -i,
>> That would stop it. - Dustin
>>
>> -----Original Message-----
>> From: redhat-list-bounces@xxxxxxxxxx [mailto:
>> redhat-list-bounces@xxxxxxxxxx]
>> On Behalf Of Rohit khaladkar
>> Sent: Tuesday, February 09, 2010 4:11 AM
>> To: General Red Hat Linux discussion list
>> Subject: Can adding users be disabled.
>>
>> Hi All,
>> Can we disable adding users command "useradd" even for the root  
>> user..?
>>
>>
>>
>> --
>> Thanks!
>> Rohit Khaladkar
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>
>
> --
> Thanks!
> Rohit Khaladkar
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> -----------------------------------
> This message and any attachment are confidential and may be  
> privileged or otherwise protected from disclosure.  If you are not  
> the intended recipient any use, distribution, copying or disclosure  
> is strictly prohibited. If you have
> received this message in error, please notify the sender immediately  
> either by telephone or by e-mail and delete  this message and any  
> attachment from your system. Correspondence via e-mail is for  
> information purposes only.
> ZAO Raiffeisenbank neither makes nor accepts legally binding  
> statements by e-mail unless otherwise agreed.
> -----------------------------------
>
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux