
Thread: why to use su??

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    227

    Question why to use su??

    Hi all,

    I have this little question: I have read many times that when connecting to a Linux terminal over inet I shouldn't login as root. That I should login as a normal user and then use the su command to receive root rights. Is this true? And if yes why? What's the point?

    You know I really don't understand linux so if someone could explain

    Thanx Sun7dots

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    Well, for a start, most servers don't allow remote root login, and log all attempts at it...
    So if you login as another user, then use su to get root privileges, it works a whole lot better.
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    227
    is this the only reason?
    and if the server allows it?

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    If the server does allow it, it's still not advisable, cause it means transmitting the (unencrypted) root password over the network/internet (very insecure).

  5. #5
    AntiOnline Senior Member souleman
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    1) Server shouldn't allow root to log in remotely.
    2) Password sniffers always check for login password, but not always passwords once connected.
    3) You shouldn't log on as root unless you HAVE to anyway

    Use SSH, not telnet. That will help also. Make sure you are using the latest version though.

    Why? Security issues. It is way too easy to sniff a password or hijack a session. I don't log in as root from anyplace other than the terminal unless I absolutely have to. Even then, not for long.
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    227
    thnx guys I forgot sniffers... so thanx for explaining...

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    I log in as root ONLY from the keyboard going directly into the back of the computer I'm logging into. I don't even login as root over LANs.

    In fact, I don't su root either, if I need to do something as root, I'll log in locally rather than go over a network of any kind, even if I administrate it and even if it's supposed to be secure.

  8. #8
    su provides cryptographically secured authentication, which protects from TCP hijacking, spoofing, and sniffing.

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    I agree with Rewandythal and souleman's advice. You should not allow remote root login and if you have to do a remote connection I would advise using SSH.

    SSH has some issues but is far safer than Telnet.

    I have also set my servers to deny root locally. The cause of that is that we are several admins. When the admins have to log in as normal users and then "su" to get root privileges I can see exactly when and what someone has been doing with the servers.

    It can be hard to see who has been to the machine if everybody uses root when logging in to the servers.
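
The per-admin attribution described in post #9, shown as an added example that is not part of the original thread or any poster's code: a small parser that separates direct root logins (no named person behind them) from su transitions that name the originating account. The log lines are constructed samples in the style of sshd and pam_unix auth-log entries; the exact formats vary by distribution and version, so the regular expressions are assumptions to adapt.

```python
import re

# Constructed sample auth-log lines (not from a real host). 192.0.2.0/24 is a
# documentation address range; user names are made up.
SAMPLE_LOG = """\
Mar  3 09:14:02 srv1 sshd[2101]: Accepted password for alice from 192.0.2.10 port 51022 ssh2
Mar  3 09:14:30 srv1 su: pam_unix(su:session): session opened for user root by alice(uid=1001)
Mar  3 09:20:11 srv1 su: pam_unix(su:session): session closed for user root
Mar  3 10:02:45 srv1 sshd[2188]: Accepted password for root from 192.0.2.77 port 40110 ssh2
Mar  3 10:30:09 srv1 su: pam_unix(su:auth): authentication failure; logname=bob uid=1002 euid=0 tty=pts/1 ruser=bob rhost=  user=root
Mar  3 11:05:51 srv1 su: pam_unix(su:session): session opened for user root(uid=0) by carol(uid=1003)
"""

# Assumed line formats; older and newer pam_unix wordings are both accepted.
SSH_LOGIN = re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")
SU_OPEN = re.compile(
    r"su(?:\[\d+\])?: pam_unix\(su(?:-l)?:session\): session opened for user "
    r"(?P<target>[^\s(]+)(?:\(uid=\d+\))? by (?P<actor>[^\s(]*)\(uid=\d+\)"
)
SU_FAIL = re.compile(
    r"pam_unix\(su(?:-l)?:auth\): authentication failure;"
    r".*\bruser=(?P<actor>\S*).*\buser=(?P<target>\S+)"
)


def audit(log_text):
    """Classify root access events by whether a named account stands behind them."""
    report = {"direct_root": [], "su_to_root": [], "su_failed": []}
    for line in log_text.splitlines():
        ts = line[:15]  # classic syslog timestamp, e.g. "Mar  3 09:14:02"
        if (m := SSH_LOGIN.search(line)) and m["user"] == "root":
            # Only a source address is known: any admin could have typed this.
            report["direct_root"].append((ts, m["src"]))
        elif (m := SU_OPEN.search(line)) and m["target"] == "root":
            # The originating account is recorded, so the action is attributable.
            report["su_to_root"].append((ts, m["actor"]))
        elif (m := SU_FAIL.search(line)) and m["target"] == "root":
            report["su_failed"].append((ts, m["actor"]))
    return report


if __name__ == "__main__":
    for kind, events in audit(SAMPLE_LOG).items():
        for ts, who in events:
            print(f"{kind:12} {ts}  {who}")
```
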

  10. #10
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    I am the only person with root access to my Linux machines, and Administrative access to my 2K machines, (All other users get either Power User (2k) or just normal user accounts in linux).
