From owner-freebsd-security Tue Jul 25 10: 5:21 2000 Delivered-To: freebsd-security@freebsd.org Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6]) by hub.freebsd.org (Postfix) with ESMTP id E2F9037B682 for ; Tue, 25 Jul 2000 10:05:18 -0700 (PDT) (envelope-from billf@jade.chc-chimes.com) Received: by jade.chc-chimes.com (Postfix, from userid 1001) id D8DF71C6F; Tue, 25 Jul 2000 13:05:17 -0400 (EDT) Date: Tue, 25 Jul 2000 13:05:17 -0400 From: Bill Fumerola To: Bart van Leeuwen Cc: James Wyatt , Jean-Claude STAQUET , freebsd-security@freebsd.org Subject: Re: allow access of root user Message-ID: <20000725130517.I51462@jade.chc-chimes.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from bart@ixori.demon.nl on Tue, Jul 25, 2000 at 04:41:03PM +0200 X-Operating-System: FreeBSD 3.3-STABLE i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Jul 25, 2000 at 04:41:03PM +0200, Bart van Leeuwen wrote: > Uhm, telnetting in as a user and suing to root has exactly the same > danger, your password goes over the net in plaintext. > > If you want to prevent that consider using ssh instead. > Also note that when using rsh you prevent root from logging in for > interactive access, but an rsh -l root will still > work. For those who are stupid enough to allow rsh.... > To be honest, I never really saw the point of disallowing this except for > the simple good habit of never using the root account at all, and only > becomming superuser when you really really have to. Jul 25 13:01:50 boa su: billf to root on /dev/ttyp2 That's the #1 reason you don't want several people just logging in as root. -- Bill Fumerola - Network Architect, BOFH / Chimes, Inc. billf@chimesnet.com / billf@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message