Re: One more user admin question
From: Lew Pitcher (Lew.Pitcher_at_td.com)
Date: 01/30/04
- Next message: Bit Twister: "Re: One more user admin question"
- Previous message: Sybren Stuvel: "Re: One more user admin question"
- In reply to: Bit Twister: "Re: One more user admin question"
- Next in thread: remove: "Re: One more user admin question"
- Reply: remove: "Re: One more user admin question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 30 Jan 2004 15:29:45 -0500
Bit Twister wrote:
> On Fri, 30 Jan 2004 13:58:39 -0500, R.J.G. wrote:
>
>>Suppose that I'm a sysadmin and my company fires Bob. Yet, being a dopey
>>admin, I don't remove Bob's user account or change his password.
>
> Company/security dept/you are negligent.
Agreed. The least RJG should have done is "lock"ed Bob's account so that Bob
couldn't log in again.
>> One day,
>>while on the system, I see that Bob has logged in either remotely or from
>>his old workstation. Now the question.... seeing this, how do I as "root"
>>forcibly log Bob out once he's on the system?
>
>
> man ps
> man kill
Followed swiftly by
telinit 1
and a forensic audit of your system.
The point being: can you be absolutely sure that the user /was/ Bob, and not
some intruder using Bob's old account? In either case, what sort of damage
has "Bob" done to your system (if any)?
-- Lew Pitcher, IT Consultant, Application Architecture Enterprise Technology Solutions, TD Bank Financial Group (Opinions expressed here are my own, not my employer's)
- Next message: Bit Twister: "Re: One more user admin question"
- Previous message: Sybren Stuvel: "Re: One more user admin question"
- In reply to: Bit Twister: "Re: One more user admin question"
- Next in thread: remove: "Re: One more user admin question"
- Reply: remove: "Re: One more user admin question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
