Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
Re: [suse-security] Problem with second user with uid 0?
  • From: miguel gmail <miguel.listas@xxxxxxxxx>
  • Date: Fri, 11 Mar 2005 11:22:36 +0100
  • Message-id: <578ebdde0503110222179c06e5@xxxxxxxxxxxxxx>
> Though in the fsck case there is an alternative I have just thought of, but
> the solution may be WORSE than the problem! If you want people to be able to
> do a fsck in an emergency, then you could always leave a "Rescue CD" with
> your boss... Then if anyone needs to actually do a fsck on a crashed server
> they can use the rescue disk to boot up and fsck the filesystem in question,
> and then reboot the server.
>
> The drawback to this is that you have to leave the server bootable from CD
> :(, which is in itself a security hole. On a positive note though, people
> don't just have the root password "on tap" and are hopefully less inclined
> to obtain the rescue disk and boot up as root "just for the hell of it".
>
> It's always good to have rescue disks handy anyway, just incase the
> root/boot file system gets corrupted/damaged. Like I experienced last week
> during a routine outage...

But, in this case, you can leave the boot cd to your boss, and protect
either the BIOS and the Bootloader with a password that only you and /
or boss know. If somebody needs to run a fsck, he will need to enter
the BIOS pwd and the booloader password.


--
Saludos,
miguel

< Previous Next >