[Info-vax] prevent user login during and after startup
Henry Crun
mike at rechtman.com
Thu Sep 18 01:17:33 EDT 2014
On 18/09/14 06:29, Craig A. Berry wrote:
> On 9/17/14, 1:24 PM, Stephen Hoffman wrote:
>
>> Get rid of OPER, and this particular problem goes away. Possibly some
>> other problems, too, depending on what else OPER is being (mis)used for.
>
> One way to do that would be to allow specific users to impersonate an
> account with OPER privilege, using, for example Jonathan Ridler's JUMP
> utility, which can (if you want) log every keystroke executed while
> under impersonation and otherwise monitor what's going on with the
> impersonated account and who's doing the impersonation.
>
> The key point for the OP's particular problem is that they would have to
> log into their own accounts first and could only acquire OPER privilege
> via a separate step, so until they are already logged in they are just
> non-privileged users and can be locked out via normal means.
>
Which suggests giving them "/priv=OPER/defprv=NOOPER" so that they can only
obtain OPER privs *after* they login, perhaps even automagically through
SYSLOGIN
--
Mike R.
Home: http://alpha.mike-r.com/
QOTD: http://alpha.mike-r.com/php/qotd.php
No Micro$oft products were used in the URLs above, or in preparing this message.
Recommended reading: http://www.catb.org/~esr/faqs/smart-questions.html#before
--- news://freenews.netfront.net/ - complaints: news at netfront.net ---
More information about the Info-vax
mailing list