Login or Register to Ask a Question and Join Our Community


UNIX for Dummies Questions & Answers

How to prevent root users from editing files (logs)

 
Thread Tools Search this Thread
Top Forums UNIX for Dummies Questions & Answers How to prevent root users from editing files (logs)
# 1  
Old 12-05-2005
Question How to prevent root users from editing files (logs)
How to prevent root users from editing files (logs)? Is there any way?
# 2  
Old 12-05-2005
man 1 chflags

I believe that 'schg' is what you may be looking for. Use carefully.
# 3  
Old 12-06-2005
if root users cannot edit logs, the logs can ultimately get too big and fill up the filesystem --- is this what you want? or are you trying to secure the host and suspect some root users to be "less friendly?"
Last edited by Just Ice; 12-06-2005 at 12:22 PM..
# 4  
Old 12-06-2005
Basically, if you know who the the user is, you can try to create a chroot jail.
This prevents them from logging in using su to get privs and then editing files outside their new "root" directectory.

However, user with root access can defeat a chroot jail.

Here is an example for a ssh chroot jail:
http://www.fuschlberger.net/programs...p-chroot-jail/
# 5  
Old 12-06-2005
Some products, such as CA's Etrust Access Control will allow you to configure this. I don't know of any freeware that does the same.
 
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Find users with root UID or GID or root home

I need to list users in /etc/passwd with root's GID or UID or /root as home directory If we have these entries in /etc/passwd root:x:0:0:root:/root:/bin/bash rootgooduser1:x:100:100::/home/gooduser1:/bin/bash baduser1:x:0:300::/home/baduser1:/bin/bash... (6 Replies)
Discussion started by: anil510
6 Replies

2. Shell Programming and Scripting

How to prevent a shell script from copy or read from Users

I have a script which do validation check and perform code migration from one env. to another, this is built for users/developers. How can I prevent this shell script from copy or read from users, as they can modify it and run it as per their requirement where as this has to be standard script and... (1 Reply)
Discussion started by: pramendra
1 Replies

3. Shell Programming and Scripting

Need to run a bash script that logs on as a non-root user and runs script as root

So I have a script that runs as a non-root user, lets say the username is 'xymon' . This script needs to log on to a remote system as a non-root user also and call up a bash script that runs another bash script as root. in short: user xymon on system A needs to run a file as root user and have... (2 Replies)
Discussion started by: damang111
2 Replies

4. UNIX for Dummies Questions & Answers

logs of commands performed by users

Hi, when 2 users are logged as root , how can i find witch one had perform witch command? Thanks, (1 Reply)
Discussion started by: prpkrk
1 Replies

5. UNIX for Dummies Questions & Answers

Editing crontab of non-root user from file

Hi All, Ref: "build crontab from a text file" in same forum. (I am not allowed to post URL's in the first post) We are reorganizing our UNIX Crontab file by first making changes in a word pad text file. The intent is to then copy it back to Crontab. Will this work? Copy and Paste does not... (6 Replies)
Discussion started by: nivedhitha
6 Replies

6. Solaris

Prevent users logging in as root

I would like to know how to prevent users connecting to a server using SSH as root. I would still like them to be able to login with their username and then change to su. But I would like to prevent them logging in directly as root. I have searched the forum and read that I should set... (3 Replies)
Discussion started by: Sepia
3 Replies

7. UNIX for Advanced & Expert Users

How to prevent local root from su to an NIS user?

We have a shared development box, running Solaris 10 that is an NIS client, all the developers have local root password. If they know the NIS uid of another user, they can just do % useradd -u <uid> login And then log in as that user and have full access to his files in his home directory. ... (3 Replies)
Discussion started by: nfw
3 Replies

8. AIX

Locking a file when using VI to prevent multiple-edit sessions by diff users

At the office, we often have to edit one file with VI. We are 4-6 workers doing it and sometimes can be done at the same time. We have found a problem and want to prevent it with a file lock. Is it possible and how ? problem : Worker-a starts edit VI session on File-A at 1PM Worker-b... (14 Replies)
Discussion started by: Browser_ice
14 Replies

9. UNIX for Dummies Questions & Answers

Prevent root login directly

Hi How can I prevent anyone from logging in as root directly? I have added the line console=/dev/null to the file /etc/default/login I was still able to login as root from the console. Please advice. Thanks Srini (4 Replies)
Discussion started by: skotapal
4 Replies
Login or Register to Ask a Question