[ale] Access Control Challenge

Danny Cox danscox at mindspring.com
Mon May 24 17:34:17 EDT 2004


Thomas,

On Sun, 2004-05-23 at 01:17, Thomas Wood wrote:
> Has 
> anyone else found a more elegant solution?  I'd really like to keep my 
> DBAs in the loop, password-wise, but they don't need the password and I 
> think I can prevent them from changing it.
> 
> Any thoughts?  And no, tcp wrappers doesn't let you filter by username. 
>   Oh that it did.  Also, I'm trying to avoid installing a firewall on my 
> DB, so please, no filter rulesets.

	Will passwd -l (see man 1 passwd) do?  It "locks" the account, only
allowing root to gain access.  It may close the door too much, though.

-- 
kernel, n.: A part of an operating system that preserves the
medieval traditions of sorcery and black art.

Danny



More information about the Ale mailing list