From owner-freebsd-chat Mon Oct 16 20:57:12 2000 Delivered-To: freebsd-chat@freebsd.org Received: from grumpy.dyndns.org (cm-24-246-28-166.toney.mediacom.ispchannel.com [24.246.28.166]) by hub.freebsd.org (Postfix) with ESMTP id A5B0137B4C5 for ; Mon, 16 Oct 2000 20:57:10 -0700 (PDT) Received: from grumpy.dyndns.org (localhost [127.0.0.1]) by grumpy.dyndns.org (8.11.1/8.11.1) with ESMTP id e9H3ubS17510; Mon, 16 Oct 2000 22:56:37 -0500 (CDT) (envelope-from dkelly@grumpy.dyndns.org) Message-Id: <200010170356.e9H3ubS17510@grumpy.dyndns.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: Kris Kirby Cc: freebsd-chat@FreeBSD.ORG From: David Kelly Subject: Re: Traditional UN*X conventions (Or: Why not to login as root?) In-reply-to: Message from Kris Kirby of "Sun, 15 Oct 2000 07:46:19 -0000." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 16 Oct 2000 22:56:37 -0500 Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Kris Kirby writes: > > Lately I find myself pondering why or why not one is supposed to leave the > root account alone altogether, instead su(do)ing as necessary to > perform various tasks. Is there a series of texts out there that states > this and other traditional measures taken (perhaps with a historical or > logically documented process in regards to tracking break-ins)? Rarely does a critical Unix system have a single sysop with the root password. If all behave and use their own account first then su into root as needed then 1) they can carry their own personal environment with them, and 2) there is some traceability as to who did it. -- David Kelly N4HHE, dkelly@hiwaay.net ===================================================================== The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message