Date:      Tue, 21 Mar 2000 13:20:55 -0700
From:      "Angus Scott-Fleming" <angussf@geoapps.com>
To:        <freebsd-newbies@FreeBSD.ORG>
Subject:   Re: remote login as root / su-able user
Message-ID:  <38D77737.374.5803632@localhost>
In-Reply-To: <NDBBKGBBKDPDNFIFCJEJIELECBAA.benlutz@datacomm.ch>

On 21 Mar 2000, at 5:29, Benjamin Lutz wrote:

> I've been following the recent discussion about that guy wanting to remote
> login as root. I understand that allowing this possibility is not very
> clever, at least if the machine is accessible via the internet or any other
> larger (public) network. So if you wanna do some maintenance remotely, you
> su to root.
> But now, where's the difference? A malicious hacker could just get the
> password for a user and then su to root with that user account? Where's the
> difference? Or am I missing something obvious?

Although it's partly security, it's mostly for accountability.  If 
lots of folks have the root password and log in as root, who mangled 
the system?  OTOH, if you log in as Benjamin and su to root, I can 
track who you are & what changes you make on the log ... and if you 
lose your privileges at the company & I disable your login, it makes 
it harder for you to break back in.


---------------------------------------------------------
Angus Scott-Fleming      GeoApplications, Tucson, Arizona
angussf@geoapps.com   1-520-323-9170 / fax 1-208-248-3124
---------------------------------------------------------
     Proud user of Pegasus Mail, PM-Burst and Waffle
---------------------------------------------------------
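
The accountability argument in the reply above, as an added example that is not part of the original e-mail: a small parser that attributes root access to the named account that ran `su`, and shows that a direct root login leaves nobody to attribute. The log layout, host name, user names and the `disabled` set are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample; the "su: USER to root on TTY" and "ROOT LOGIN" layouts
# are assumed syslog formats, and the host, users and ttys are invented.
SAMPLE_LOG = """\
Mar 21 09:02:11 gw su: benjamin to root on /dev/ttyp0
Mar 21 09:40:37 gw su: BAD SU mallory to root on /dev/ttyp2
Mar 21 11:15:02 gw su: angus to root on /dev/ttyp1
Mar 21 12:01:45 gw login: ROOT LOGIN (root) ON ttyv0
Mar 21 13:05:19 gw su: benjamin to root on /dev/ttyp3
"""

STAMP = r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ "
SU_RE = re.compile(STAMP + r"su(?:\[\d+\])?: (?P<bad>BAD SU )?"
                   r"(?P<user>\S+) to root on (?P<tty>\S+)$")
ROOT_LOGIN_RE = re.compile(STAMP + r"login(?:\[\d+\])?: ROOT LOGIN ")


def attribute_root_access(log_text, disabled=()):
    """Group root access by the named account that requested it.

    `disabled` is a hypothetical set of accounts whose logins were revoked;
    any su activity from them after revocation is worth an alert.
    """
    granted, failed = defaultdict(list), defaultdict(list)
    unattributed, revoked_use = [], []
    for line in log_text.splitlines():
        m = SU_RE.match(line)
        if m:
            event = (m["ts"], m["tty"])
            (failed if m["bad"] else granted)[m["user"]].append(event)
            if m["user"] in disabled:
                revoked_use.append((m["user"],) + event)
        elif ROOT_LOGIN_RE.match(line):
            # Direct root login: the log cannot say which person it was.
            unattributed.append(line)
    return {"granted": dict(granted), "failed": dict(failed),
            "unattributed": unattributed, "revoked_use": revoked_use}


if __name__ == "__main__":
    report = attribute_root_access(SAMPLE_LOG, disabled={"benjamin"})
    for key, value in report.items():
        print(key, value)
```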


