pwned!, Admin account banning Options

[ixombie]

Can a user with an admin account ban another user on the same node? If I hack into the node and gain user or security status, can the admin just ban me, kicking me off the node (once they penetrate my stealth and find me of course)?

Also, can an admin reduce the privileges of another admin? Admin access supposedly has unlimited rights on the system, does this apply to modifying other admin accounts? If not, how could a node's owner remove an ex employee from admin access, since there's no way to supersede an admin?

If either of these actions are possible, how could they be respresented? Computer + data search to find the system file that determines privileges, and computer + edit to change it? Any other ideas?

This has been driving me nuts for a while, hope someone has some input on it :)

[Eleazar]

From what I gather from the book, you have full admin privileges. So that means you can ban other admins and other admins can ban you. This is the same way it works with Windows Server. If I have admin privileges and I want to delete one of my coworkers admin accounts, I can. The way they describe admin in SR4, sounds a lot more like getting root in Linux than some random admin account in windows. So that means you can pretty much do anything.

EDIT:
Yep I was right just checked the book:

"Admin status is only granted to a few users. Also
known as “root,” admin privilege gives you total access,
so that any problems that come up in the system can
be solved. Admin access authorizes almost any activity,
including destruction of important data or actions
that damage the system or render it inactive."
SR4 PG. 216

[Aemon]

I can answer a few questions based on present technologies...

Yes, someone with admin account can grant, remove, deny, destroy, add privileges to another admin level user. After all, as you yourself stated, if a user with Admin access leaves a company, or whatever, someone has to be able to revoke their authority! So yes, absolutely, Admins can administrate other Admins.

In SR 2070, I would say that Admins can "ban" an account, but that does not auto-kick the user from the system. A "banned" account typically means that it is banned from entry. If it is already inside, the ban typically doesn't do a whole lot... Unless of course they enforce that ban across all system/file/processing privileges, which strikes me as being a much more time-consuming process.

Basically, consider a "ban" like a locked door. Someone had access before, and they have a key, but you've changed the lock. However, if that person manages to bypass the door, then they have full access to your home, your computer and your horse porn.

[Eleazar]

I didn't realize the other question in there.
"..., can the admin just ban me, kicking me off the node (once they penetrate my stealth and find me of course)?"

The answer to this is no. You would enter cybercombat, or they might try to terminate the connection. Terminating a connection isn't something that just happens. You get a chance to stop it.

"Terminate Connection
Once an intruder is identified, a node may attempt to sever
the hacker’s connection by shutting down the port through
which he is accessing. On some isolated high-security nodes or
hand-held devices that do not oft en rely on remote access, all
outside connections may be severed.
In order to sever a connection, the node immediately makes
an Opposed Firewall + System Test against the hacker’s Exploit
program + Hacking skill. If the hacker used a passcode and legitimate
account to log on, rather than hacking his way in with an
exploit program, then the Exploit program does not apply to the
test. If the node achieves more hits, it disconnects the hacker. The
hacker can attempt to log back on, but the node will be on alert
(and may have closed down all outside connections)."
SR4 PG 223

[Charon]

In essence, terminating the hacker's connection can be construed as an admin of the system trying to ban you.

That's the most likely course of action an admin would take upon noticing an intruder, unless he feels like risking his neurons in cyber combat (Or not risk his neuron but choosing to waste his time instead by challenging the hot shot hacker while running cold).

[ixombie]

It seems like admins can reduce the priviledges of any other account, but that wouldn't terminate your connection. Even if they "ban" you, it would just mean that all your actions are illegal and require a hacking test. And if you got the drop and banned the sysadmin, he could still hack to perform actions on the system and also try to beat you in cybercombat.

What it more or less seems to come down to is if someone knows you're there, there is no better way to get rid of you than to send IC or otherwise try to beat the tar out of your icon, if the initial attempt to terminate your connection fails. Changing account privileges could delay or inhibit another user coming after you, but if they have hacking skills they can hack their own node. If they're a hacker, chances are they're at least as good at computer as they are at hacking, otherwise they're probably better at hacking...

[Cheops]

The other admin could also flag your account, send a tracking IC to find you meat bod, and record what you are doing. When the IC comes back with your location the admin phones lone star and tells them that he has evidence about you hacking their system and where you can be found.

Lone star thanks them for the easy bust, the corp doesn't risk any of its assets. All you can do is keep your eyes open for the red flag and the other admin.

[IvanTank]

If you get admin access, could you sever the connection for the actual sysadmin?

Besides, once you hack admin access, then you just eliminate all admin accounts, and create a new one, yours. After that, disconnect and then reconnect with the legitmate admin account, and then tell the system to go on alert. Since you have a legitamate account, all the IC on the system will let you be. However, should the security hackers break their way into the system, which will be harder since you have put the system on alert, then the IC will treat them as hostile :)

[lorechaser]

It's been a bit since I was a Unix admin, but I'm pretty sure if you actually delete the account's permissions, you are going to make it very hard to use the system.

Depends on the structure of the matrix, I guess, but if all the apps you want to use are rwxr--r-- you're gonna have a hell of a time when you no longer fit in a permissions group....

[ixombie]

One thing to note about matrix actions is that, for game balance's sake, you need to make a roll to take an action. You can't just summarily ban the other admins, you would need to do something. What that something is I don't know and nobody has talked about yet. My thoughts are that you would need an analyze to find the priviledge file, then an edit in order to rewrite it at the very least.

And if you do something as heinous as blocking all the admins, they could always just do a hard shutdown on the node, and bring it back up with wireless disabled to fix the account priviledges.

So, while it seems like my idea is possible, it's probably not as good a trick as it at first seemed.

[Jaid]

i assume it would be browse + datasearch to find the privilege file, and hacking + edit or computer + edit (if you're admin, computer... otherwise, hacking) to make the change. if it was computer, i'd make it a pretty low threshold though... adding/removing/modifying users is one of the jobs that admin is gonna handle a lot, imo, and would thus be relatively simple.

[IvanTank]

[Kesslan]

[De Badd Ass]