[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: User root from client can be all another users

To: Marcelo Gomes <marmitsbr@yahoo.com.br>
Subject: Re: User root from client can be all another users
From: LiPi - <lipixx@gmail.com>
Date: Mon, 23 Mar 2009 19:56:19 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <523171.99054.qm@web63304.mail.re1.yahoo.com>
References: <523171.99054.qm@web63304.mail.re1.yahoo.com>

You MUST give more information about your system, configs, etc. if you
want an answer.

I supose that you have an openldap server acting as a user account
store, and it's allowing the users of ldap to log in the system. So if
you do a getent passwd you will get all users from the server
(local+ldap).

Logging as root gives you all the privileges (uid 0), and if you don't
uninstall su I think that you will not be able to do what you want.
Root user must be only logged by the root.

I also think that this is not an ldap question.

2009/3/23 Marcelo Gomes <marmitsbr@yahoo.com.br>:
>
> Hi!
>
> In my network, when some client do login as root (local) he can type "su -l" and be all another user from ldap.
>
> How can i block this ?
>
>
> thanks
>
> Marcelo Gomes
>
>
>
>
>
>

Follow-Ups:
- Re: User root from client can be all another users
  - From: Brian Krusic <brian@krusic.com>

References:
- User root from client can be all another users
  - From: Marcelo Gomes <marmitsbr@yahoo.com.br>

Prev by Date: ldap dir change, ext script?
Next by Date: Re: ldap dir change, ext script?
Index(es):
- Chronological
- Thread