John_White at dell.com wrote:
>> > But root can access anything anyway, and can 'su - bloggsj' too.
>> Yeah but if "Joe Hacker kid" has just gotten root on your system
> and he wants to steal some extra accounts (so that he can get
> in again when you find him), he'll be wanting to get passwords for
> other accounts. As root the only thing he can do is change passwords
> (something that will be noticed fairly soon by the owners of those
> accounts).
> However if he can read your log file as root and get the passwords
> nobody may ever know he has stolen other accounts. root might be
> privliged but if there's no need for root to know user passwords
> (and there isn't) they should be hidden from him/her too.
On a related note concerning administrative privileges, WinNT with it's
ACLs allows a certain degree of privacy wrt admins:
A user can revoke access to admin on a private file (owned by the
user). Admin can take ownership of the file and regain access that way,
but the owner of the file will now be admin and this change of ownership
can be noted by the user. So although an admin can access all files, a
user can know if his files have been accessed. I like this idea -
presume there's no way of provide this kind of functionality under
linux. Anyone?
Oh yeah, I probably should mention that under NT ownership can't be
given (even by admin), you can only grant the rights to take ownership.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
