[plug] Linux security idea - maybe
Craig Ringer
craig at postnewspapers.com.au
Fri Jun 13 00:18:12 WST 2003
> It's been an interesting thread and I've a better grasp on security
> possibilities as a result. Hopefully others have benefited as well. I
> have a machine to rebuild soon so I will try the alternative-root scheme.
> If I mess it up I can easily reload things and start afresh :-)
Remember, problems may not be immediately obvious. Sometimes there is
breakage with daemons making the wrong assumptions, etc. Great caution
required. I'm pretty sure the passwd file is implicity assumed by most
apps to be one uid = one username, after all.
It may be possible to simply rename the root account, leaving the
original "root" user either nonexistant or mapped to a high uid with no
priveleges - but I haven't tried this yet. S'pose I should, really -
whenever I discover something that breaks, I'd just need to submit a bug
report and/or patch.
Too much else to do.
Craig Ringer
More information about the plug
mailing list