From: Da Rock
To: freebsd-questions@freebsd.org
Date: Tue, 16 Dec 2008 09:10:11 +1000
Subject: Re: Firebird client fails port install

On Mon, 2008-12-15 at 23:46 +0100, Wojciech Puchar wrote:
> > As a matter of fact I never use true root I ALWAYS use su (believe it or
>
> what's a practical difference between logging to root directly or doing
> su?

The log files log exactly "who" did what instead of anonymously. At the least they show who had su'd to root and when, but from my experience it says the user and what was done.

Incidentally, I first heard of this practice through my MCSE (where basically M$ NT was bagged as the worst system ever - strange, wouldn't you say, seeing as it was an M$ course?), but the practice has been in use for years by old school *nix administrators and has been specified as "best practice". Just read nearly any *nix manual or tutorial. Why do you think the sysinstall for FreeBSD and just about every *nix distro says to create a user account so you don't use root? It also sometimes states to use su to gain root privileges in the warning message.

It actually frightens me how many new administrators don't bother with following this policy - even ISPs. It helps with forensic analysis, and if you suddenly find root doing stuff in your logs (if you follow the best practice methods) then you know it wasn't you or anybody authorised.

If anybody here can tell me how to enforce this policy in practice I'd be very interested to hear it (although I doubt one could prevent console access to root ICE). Maybe a method to obtain the user's name or something. I think it can only be enforced in policy and not practice, though.
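
The distinction discussed above, as an added example that is not part of the original post: a small log check that separates root access attributable to a named user (via su) from direct root logins that carry no user identity. It assumes auth log lines in the style of FreeBSD's su, login and sshd syslog messages; the sample lines, host name, user names and addresses are constructed.

```python
import re

# Constructed sample lines in the style of FreeBSD /var/log/auth.log (assumed format).
SAMPLE_LOG = """\
Dec 16 09:02:11 gw su: alice to root on /dev/ttyp1
Dec 16 09:05:40 gw su: BAD SU bob to root on /dev/ttyp2
Dec 16 09:07:03 gw login: ROOT LOGIN (root) ON ttyv0
Dec 16 09:09:27 gw sshd[812]: Accepted password for root from 192.0.2.10 port 50122 ssh2
Dec 16 09:10:11 gw sshd[815]: Accepted publickey for alice from 192.0.2.11 port 50200 ssh2
"""

# Syslog prefix: timestamp, then host name.
PREFIX = r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ "
PATTERNS = [
    # Failed su attempt: the requesting user is still recorded.
    ("su_failed", re.compile(PREFIX + r"su(?:\[\d+\])?: BAD SU (?P<user>\S+) to root on (?P<src>\S+)$")),
    # Successful su: root access tied to a named account.
    ("su_ok", re.compile(PREFIX + r"su(?:\[\d+\])?: (?P<user>\S+) to root on (?P<src>\S+)$")),
    # Direct root logins (console or ssh): no personal account in the record.
    ("direct_root", re.compile(PREFIX + r"login(?:\[\d+\])?: ROOT LOGIN \((?P<user>\S+)\) ON (?P<src>\S+)")),
    ("direct_root", re.compile(PREFIX + r"sshd\[\d+\]: Accepted \S+ for (?P<user>root) from (?P<src>\S+)")),
]

def classify(line):
    """Return an event dict for a root-access line, or None for anything else."""
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if m:
            return {"kind": kind, "when": m["ts"], "user": m["user"], "source": m["src"]}
    return None

def root_access_report(log_text):
    """Group root-access events: attributable (su) versus anonymous (direct root)."""
    report = {"su_ok": [], "su_failed": [], "direct_root": []}
    for line in log_text.splitlines():
        event = classify(line)
        if event:
            report[event["kind"]].append(event)
    return report

if __name__ == "__main__":
    for kind, events in root_access_report(SAMPLE_LOG).items():
        for e in events:
            print(f'{kind:12} {e["when"]}  user={e["user"]}  source={e["source"]}')
```

Under a su-only policy, any entry in the `direct_root` group is the "root doing stuff" case the post describes: root access with no named user behind it.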