The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Top Forums > UNIX for Dummies Questions & Answers
Google UNIX.COM
Home Forums Register Rules & FAQ Members List Arcade Search Today's Posts Mark Forums Read


UNIX for Dummies Questions & Answers If you're not sure where to post a UNIX or Linux question, post it here. All UNIX and Linux newbies welcome !!


Other UNIX.COM Threads You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Prevent users logging in as root Sepia SUN Solaris 3 4 Weeks Ago 10:45 AM
How to prevent local root from su to an NIS user? nfw UNIX for Advanced & Expert Users 3 01-08-2008 09:38 AM
editing sqlplus id@passwd in multiple scripts, users and directories Helmi UNIX for Dummies Questions & Answers 8 05-08-2007 09:02 PM
Locking a file when using VI to prevent multiple-edit sessions by diff users Browser_ice AIX 14 11-23-2006 06:43 AM
Prevent root login directly skotapal UNIX for Dummies Questions & Answers 4 09-27-2002 03:53 AM

Reply
 
Submit Tools LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 12-05-2005
Registered User
 

Join Date: Dec 2005
Posts: 1
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Stumble this Post!Spurl this Post!
Question How to prevent root users from editing files (logs)

How to prevent root users from editing files (logs)? Is there any way?
Reply With Quote
Forum Sponsor
  #2 (permalink)  
Old 12-05-2005
Registered User
 

Join Date: Nov 2005
Posts: 11
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Stumble this Post!Spurl this Post!
man 1 chflags

I believe that 'schg' is what you may be looking for. Use carefully.
Reply With Quote
  #3 (permalink)  
Old 12-06-2005
Just Ice's Avatar
Lights on, brain off.
 

Join Date: Mar 2005
Location: in front of my computer
Posts: 627
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Stumble this Post!Spurl this Post!
if root users cannot edit logs, the logs can ultimately get too big and fill up the filesystem --- is this what you want? or are you trying to secure the host and suspect some root users to be "less friendly?"

Last edited by Just Ice : 12-06-2005 at 08:22 AM.
Reply With Quote
  #4 (permalink)  
Old 12-06-2005
...@...
 

Join Date: Feb 2004
Location: NM
Posts: 3,240
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Stumble this Post!Spurl this Post!
Basically, if you know who the the user is, you can try to create a chroot jail.
This prevents them from logging in using su to get privs and then editing files outside their new "root" directectory.

However, user with root access can defeat a chroot jail.

Here is an example for a ssh chroot jail:
http://www.fuschlberger.net/programs...p-chroot-jail/
Reply With Quote
  #5 (permalink)  
Old 12-06-2005
Registered User
 

Join Date: Oct 2002
Posts: 670
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiReddit! Stumble this Post!Spurl this Post!
Some products, such as CA's Etrust Access Control will allow you to configure this. I don't know of any freeware that does the same.
Reply With Quote
Google UNIX.COM
Reply



Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 11:52 PM.


Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited.
The UNIX and Linux Forums Content Copyright ©1993-2008 The CEP Blog All Rights Reserved -Ad Management by RedTyger

Search Engine Optimization by vBSEO 3.1.0

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102