Date: Tue, 25 Jul 2000 13:05:17 -0400 From: Bill Fumerola <billf@chimesnet.com> To: Bart van Leeuwen <bart@ixori.demon.nl> Cc: James Wyatt <jwyatt@rwsystems.net>, Jean-Claude STAQUET <jcs@polyflow.be>, freebsd-security@freebsd.org Subject: Re: allow access of root user Message-ID: <20000725130517.I51462@jade.chc-chimes.com> In-Reply-To: <Pine.BSF.4.21.0007251638050.21495-100000@isengard.ixori.demon.nl>; from bart@ixori.demon.nl on Tue, Jul 25, 2000 at 04:41:03PM %2B0200 References: <Pine.BSF.4.10.10007250855560.19714-100000@bsdie.rwsystems.net> <Pine.BSF.4.21.0007251638050.21495-100000@isengard.ixori.demon.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jul 25, 2000 at 04:41:03PM +0200, Bart van Leeuwen wrote:
> Uhm, telnetting in as a user and suing to root has exactly the same
> danger, your password goes over the net in plaintext.
>
> If you want to prevent that consider using ssh instead.
> Also note that when using rsh you prevent root from logging in for
> interactive access, but an rsh -l root <machine> <command> will still
> work.
For those who are stupid enough to allow rsh....
> To be honest, I never really saw the point of disallowing this except for
> the simple good habit of never using the root account at all, and only
> becomming superuser when you really really have to.
Jul 25 13:01:50 boa su: billf to root on /dev/ttyp2
That's the #1 reason you don't want several people just logging in
as root.
--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000725130517.I51462>