-
June 21st, 2002, 04:58 PM
#11
Not allowin root login with remote services like ssh also adds to the sercurity because you have to know two passwords instead of one to get to a root shell.
Don't know if this is like this in other *nixs too, but in openbsd, if the weel group is populated, only members of wheel can su to root. So if you make sure all members of wheel have strong passwords and so does root, brute forcing youre way to root would be considerably longer...
Ammo
Credit travels up, blame travels down -- The Boss
-
June 21st, 2002, 05:22 PM
#12
Put simply (as we always used to say) root leaves big footprints.
Pretty much, there's nothing you won't be able to do as root, whether you intend to or not... that includes deleting needed files caught in a typo or filling your disk up so full that your system will not be able to reboot (you can fill the disk up as a normal user, too - but it's smart enough to leave a reserve).
There are lots of reasons to not do this... pretty much the easiest one - it pretty much defeats all security on the box.
That's pretty much it. You can also use other utilites to control your work as root, like sudo. I like sudo, because you have much more control over commands executed by multiple admins, it will ask for a password for each command (helping you to make sure that you want to do something) and you NEVER have to give out the root password. Giving out the root password to multiple people is just bad policy all around.
/* You are not expected to understand this. */
-
June 21st, 2002, 05:55 PM
#13
Banned
Originally posted here by DjM
You can 'su' to any account on a *uix system, providing you know the account password. If you are root, then you can 'su' to any account without a password. (at least it use to be like that, I haven't played with *uix for awhile now).
yes i know...... and to simplify that, you can su to any account provided that you know the root password (or the password of someone in an equivelant group)
also, incase you think of it giving your 'personal' account access in the root group dosnt do anything differently than just logging in as root so you kinda get screwed the same way if your account has full privelages...... if that makes any sence to anyone but me
-
June 21st, 2002, 06:30 PM
#14
Originally posted here by cyb3rn3tik
btw: 'su' is probably 'standard user'
su = set user ID
On solaris su - will set user ID to root (you need the password)
su someOtherUser -will make u that user
Cheers,
Duncan
If the above was posted elsewhere I aploize for the duplicate
-
June 24th, 2002, 05:51 AM
#15
rm -rf *
from the / directory
pretty much says everything about why you shouldnt run as root all the time.
BTW, I been there and done that. thankfuly it was just my personal machine
Also, even if you are very very careful about what commands you use and apps you run, if you have to leave a machine for an emergency bathroom or cofee run and dont logout, someone else could cause many problems for you if you are logged in as root
-
June 24th, 2002, 05:56 AM
#16
I always thought su was super user as well as one other in this thread... hmm...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|