root | su
mdh_lists at yahoo.com
Fri Oct 24 11:46:09 PDT 2008
--- On Fri, 10/24/08, Manolis Kiagias <sonic2000gr at gmail.com> wrote:
> From: Manolis Kiagias <sonic2000gr at gmail.com>
> Subject: Re: root | su
> To: "Jos Chrispijn" <kernel at webrz.net>
> Cc: "FreeBSD Questions" <freebsd-questions at freebsd.org>
> Date: Friday, October 24, 2008, 2:25 PM
> Jos Chrispijn wrote:
> > Is there a way of stopping root from su'ing to
> another user?
> > Jos Chrispijn
> Root is supposed to be the almighty god on your machine
> (i.e. you...).
> No point trying to limit the abilities of root (especially
> if physical
> access is also provided).
> And seriously, root is a role not a person. If you find
> yourself trying
> to limit root's capabilities, you've probably
> surrendered the root
> password to the wrong person. If you need to give someone
> limited root
> access to a machine, just use security/sudo instead (with a
> crafted sudoers file).
That's one option. Another is to implement jails, or virtualization via something like qemu.
Since the person asking didn't give any details of what he wants to do, it's hard to say, but your point is correct regardless.
More information about the freebsd-questions