Thanks to the many people who responded. Basically if I give root
access to my users on their workstations there isn't much that can be
done, especially against hard-working hackers.
The most common suggestion was to eliminate root access and use a
command called "sudo" available from many FTP sites to provide a limited
setuid front end for common programs.
Here, courtesy of cjm1%scintilla@gte.com (Christopher J. Matheus) is a
(truncated) list of FTP sites that have sudo.
=====================
ftp sites from archie:
=====================
> archie sudo
May 2 1991 512 /src.doc.ic.ac.uk://usenet/comp.archives/unix/admin/sudo
May 3 1991 512 /src.doc.ic.ac.uk://usenet/comp.archives/sudo
Mar 27 1990 512 /emx.utexas.edu://pub/mnt/source/doc/sa-book/sudo
Apr 18 1991 512 /cs.dal.ca://pub/comp.archives/sudo
Mar 27 1990 512 /boulder.colorado.edu://pub/sa-book/sudo
Jun 14 1991 512 /veronica.cs.wisc.edu://src/sudo
-------------------------------
Eric Pederson
ericp@beach.csulb.edu
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:34 CDT