Date:      Fri, 24 Oct 2008 11:46:07 -0700 (PDT)
From:      mdh <mdh_lists@yahoo.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: root | su
Message-ID:  <172590.26774.qm@web56802.mail.re3.yahoo.com>
In-Reply-To: <49021319.7090804@gmail.com>

--- On Fri, 10/24/08, Manolis Kiagias <sonic2000gr@gmail.com> wrote:
> From: Manolis Kiagias <sonic2000gr@gmail.com>
> Subject: Re: root | su
> To: "Jos Chrispijn" <kernel@webrz.net>
> Cc: "FreeBSD Questions" <freebsd-questions@freebsd.org>
> Date: Friday, October 24, 2008, 2:25 PM
> Jos Chrispijn wrote:
> > Is there a way of stopping root from su'ing to another user?
> >
> > Jos Chrispijn
> >
> Root is supposed to be the almighty god on your machine (i.e. you...). No point trying to limit the abilities of root (especially if physical access is also provided).
> And seriously, root is a role not a person. If you find yourself trying to limit root's capabilities, you've probably surrendered the root password to the wrong person. If you need to give someone limited root access to a machine, just use security/sudo instead (with a carefully crafted sudoers file).

That's one option.  Another is to implement jails, or virtualization via something like qemu.  

Since the person asking didn't give any details of what he wants to do, it's hard to say, but your point is correct regardless.  

- mdh



      


