Two Factor Authentication
Dear All,
How to implement Two Factor Authentication into su command? Thanks.
|
|||
Thanks for the informative explanation.
Questions: How to disable any users add to wheel group and nobody can edit the /etc/group file? (systrace perhaps)
|
||||
Perhaps I misunderstand the question, but editing files in the /etc directory requires the root password. So it should not be necessary to remove that ability from users. If you have given users sudo privileges, they should only have root access to whatever you allow.
I have a feeling I am missing something in the question. If so, please elaborate.
|
||||
I think Peter is unclear about the authority granted to a standard user, compared with the authority of the super user.
Peter, the wheel group is just like any other group -- used for filesystem access control -- except that it is one of the two factors for root user authorization access with su(1).

Let's look at the specific file where wheel group access is defined: /etc/group. According to group(5), group memberships are defined here. Groups are used to define access controls to filesystems. And, for su(1), membership in the wheel group is needed for root user access.

There are three layers of access control for any file, or any directory: user, group, and world. Let's look at one file, for example, /etc/group. Here's mine:

Code:
4 -rw-r--r-- 1 root wheel 1266 Jun 12 23:44 /etc/group

The "-rw-r--r--" is the access granted to the user, to the assigned group, and to the world, which is all other users. The file is readable and writeable by the user root, readable by other users who are in the group wheel, and also readable by any other users on this system.

The root user is the superuser, and access to all files is granted to root regardless of ownership or group assignment.
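As an added example (not part of the original thread), a POSIX shell sketch that checks the two things the post above describes: which accounts a group(5) file lists in wheel, and whether that file is owned by root with no group or world write bit. The function names are made up for this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Print the members of GROUP, one per line, from a group(5)-format FILE.
# Each line is name:passwd:gid:member,member,...
group_members() {    # usage: group_members GROUP FILE
    awk -F: -v g="$1" '
        $1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$2"
}

# Return 0 if FILE is owned by EXPECTED_UID (default 0, root) and has no
# group or world write bit; 1 if not; 2 if the file cannot be listed.
group_file_locked_down() {    # usage: group_file_locked_down FILE [EXPECTED_UID]
    file=$1
    want_uid=${2:-0}
    # ls -ln prints numeric ids: field 1 is the mode string, field 3 the uid.
    info=$(ls -lnd "$file" 2>/dev/null | awk '{ print $1, $3 }')
    [ -n "$info" ] || return 2
    mode=${info%% *}
    uid=${info##* }
    [ "$uid" = "$want_uid" ] || return 1
    case $mode in
        ?????w*|????????w*) return 1 ;;   # char 6 = group write, char 9 = world write
    esac
    return 0
}

audit_wheel() {    # usage: audit_wheel [FILE]
    target=${1:-/etc/group}
    echo "wheel members listed in $target:"
    group_members wheel "$target" | sed 's/^/  /'
    if group_file_locked_down "$target"; then
        echo "$target: owned by uid 0, not group- or world-writable"
    else
        echo "WARNING: $target is not root-owned or is writable by group/world"
    fi
}

audit_wheel "${1:-/etc/group}"
```

Only members named in the fourth field are listed; an account whose primary GID in the password database is wheel's will not appear in this output.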
|
|||
Thanks. From your opinion and experience, granted access as superuser with su or sudo. Which one is far better than the other (lock down access)?
Last edited by Peter_APIIT; 20th June 2015 at 02:26 AM. Reason: added questions
|
|||
Sudo. I'd recommended it to jkl three days ago here, which you must have missed. But even better, today ocicat very clearly compared su and sudo. I'll quote his post directly out of that thread, because I think it is both better and clearer than what I had to say. He and I both recommended the same book.
Quote: