Date: Fri, 2 Nov 2001 08:18:34 +0100 From: "Anthony Atkielski" <anthony@atkielski.com> To: "Mike Meyer" <mwm@mired.org> Cc: "FreeBSD Questions" <freebsd-questions@freebsd.org> Subject: Re: Re[2]: Tiny starter configuration for FreeBSD Message-ID: <007e01c1636e$97016d10$0a00000a@atkielski.com> References: <15330.6606.417524.41024@guru.mired.org><002b01c1635f$5a5f4300$0a00000a@atkielski.com> <15330.14419.809266.281360@guru.mired.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike writes: > I typically don't allow root to login at all, > but I'm a bit paranoid. So am I, which is why this makes me uneasy. The machine is off the Net for the moment, but I want it secured before I put it thereon. I'd still like to be able to log in as root from my other machine on the LAN, however (and that's it, except for the system console, of course). > I haven't used it myself, but if you're running > -stable, try reading the login.access man page, > which provides exactly the facilities you > want. I tried it, and it seems to be exactly what I need. Now only my other machine can login as root. > I'd still recommend not allowing root to log > in remotely. If there weren't so many blasted things that have to be done as root, I'd agree. But almost everything affecting the system requires root, it seems. > The thing that pops immediately to mind is > the number of security rings. The implemented architecture already had eight rings; how many did they originally want? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007e01c1636e$97016d10$0a00000a>