From owner-freebsd-newbies Mon Mar 20 20:40:17 2000
Delivered-To: freebsd-newbies@freebsd.org
From: "Benjamin Lutz"
Subject: remote login as root / su-able user
Date: Tue, 21 Mar 2000 05:39:29 +0100

I've been following the recent discussion about that guy wanting to remote login as root. I understand that allowing this possibility is not very clever, at least if the machine is accessible via the internet or any other larger (public) network. So if you wanna do some maintenance remotely, you su to root.

But now, where's the difference? A malicious hacker could just get the password for a user and then su to root with that user account? Where's the difference? Or am I missing something obvious?

Have a lot of fun,
Ben