[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Wed May 26 16:44:42 2004 -->
- <!--x-from-r13: zuvefpu ng ahoevqtrf.pbz ([vpunry R. Vvefpu) -->
- <!--x-message-id: [email protected] -->
- <!--x-reference: 766C5F28-AC78-11D8-AB5A-[email protected] -->
- <!--x-reference: 1085434319.1614.29.camel@pip -->
- <!--x-reference: E99C34F2-AE90-11D8-81BD-[email protected] --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] Access Control Challenge -->
- <li><em>date</em>: Wed May 26 16:44:42 2004</li>
- <li><em>from</em>: mhirsch at nubridges.com (Michael D. Hirsch)</li>
- <li><em>in-reply-to</em>: <<a href="msg00987.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00900.html">[email protected]</a>> <1085434319.1614.29.camel@pip> <<a href="msg00987.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] Access Control Challenge</li>
Even better, destroy the password by prepending 'x' to it in
/etc/passwd. Then you can't log in with a password. You can set it so
you can log in with an ssh key, or root can su to that user. sudo also
can work, but logins are impossible.
Michael
> thanks everybody,
> wood
> On May 24, 2004, at 5:31 PM, Danny Cox wrote:
>
> > Thomas,
> >
> > On Sun, 2004-05-23 at 01:17, Thomas Wood wrote:
> >> Has
> >> anyone else found a more elegant solution? I'd really like to keep my
> >> DBAs in the loop, password-wise, but they don't need the password and
> >> I
> >> think I can prevent them from changing it.
> >>
> >> Any thoughts? And no, tcp wrappers doesn't let you filter by
> >> username.
> >> Oh that it did. Also, I'm trying to avoid installing a firewall on
> >> my
> >> DB, so please, no filter rulesets.
> >
> > Will passwd -l (see man 1 passwd) do? It "locks" the account, only
> > allowing root to gain access. It may close the door too much, though.
> >
> > --
> > kernel, n.: A part of an operating system that preserves the
> > medieval traditions of sorcery and black art.
> >
> > Danny
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > <a rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
> >
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> <a rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00900" href="msg00900.html">[ale] Access Control Challenge</a></strong>
<ul><li><em>From:</em> thomaswood at mac.com (Thomas Wood)</li></ul></li>
<li><strong><a name="00962" href="msg00962.html">[ale] Access Control Challenge</a></strong>
<ul><li><em>From:</em> danscox at mindspring.com (Danny Cox)</li></ul></li>
<li><strong><a name="00987" href="msg00987.html">[ale] Access Control Challenge</a></strong>
<ul><li><em>From:</em> thomaswood at mac.com (Thomas Wood)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00996.html">[ale] Ping</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00998.html">[ale] Antivirus LiveCD?</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00987.html">[ale] Access Control Challenge</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00972.html">[ale] Access Control Challenge</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00997"><strong>Date</strong></a></li>
<li><a href="threads.html#00997"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>