Date: Thu, 10 Nov 2005 08:03:57 -0800
From: David Kirchner <dpk@dpk.net>
To: freebsd-stable@freebsd.org
Subject: Re: upgrading 5.4 -> 6.0 without reinstalling. safe ?
Message-ID: <35c231bf0511100803n14674398u3dedbee245c9f264@mail.gmail.com>
In-Reply-To: <200511101444.jAAEii8H010916@lurza.secnetix.de>
References: <20051110142455.GA33797@pc5-179.lri.fr> <200511101444.jAAEii8H010916@lurza.secnetix.de>

On 11/10/05, Oliver Fromme <olli@lurza.secnetix.de> wrote:
> Well, I vote for /sbin/nologin as root's login shell.
>
> In single-user mode, the system asks for the shell, with
> /bin/sh being the default. In multi-user mode, nobody
> should ever log in as root. You rather log in as normal
> user and then use "su -m", or use sudo(8) or super(1) or
> whatever.

It's awkward to have to reboot a machine just to log in to it from a
console. Let's say you're colocated and utilize a "remote hands"
service, or you make a mistake with your firewall.

You're better off disabling root logins in sshd_config, so no one can
use root from remote. Then you can leave a password on the root
account and still have console access.

I just leave root logins enabled and use ssh keys. Leaves a very nice,
easy to follow, one-line-per-login "paper trail" of who logged in as
root from where and when.

But it all comes down to preference, since all options for root access
(su, ssh keys, sudo, etc.) all carry risk.
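
The one-line-per-login trail mentioned in the reply above can be extracted from sshd's auth log. This is an added example, not part of the original message: the log lines are constructed, written in the syslog format current OpenSSH uses (key type and fingerprint after `ssh2:`), and the function names are hypothetical.

```python
import re
from collections import namedtuple

# Constructed sample lines (documentation IP ranges, made-up fingerprints).
SAMPLE_LOG = """\
Nov 10 08:01:12 host1 sshd[812]: Accepted publickey for root from 192.0.2.10 port 51234 ssh2: RSA SHA256:AAAAexampleFingerprintOne
Nov 10 08:03:40 host1 sshd[840]: Accepted password for alice from 192.0.2.44 port 40022 ssh2
Nov 10 08:05:02 host1 sshd[851]: Failed password for root from 198.51.100.7 port 33900 ssh2
Nov 10 09:15:27 host1 sshd[990]: Accepted publickey for root from 203.0.113.5 port 60111 ssh2: ED25519 SHA256:BBBBexampleFingerprintTwo
Nov 10 09:20:00 host1 sshd[1002]: Accepted password for root from 198.51.100.7 port 33950 ssh2
"""

RootLogin = namedtuple("RootLogin", "when host method source key")

# Matches only successful logins as root; the trailing key field is optional
# because password logins carry no fingerprint.
LINE_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for root from (?P<source>\S+) port \d+ ssh2"
    r"(?:: (?P<key>\S+ \S+))?\s*$"
)

def root_logins(log_text):
    """Return one RootLogin per successful root login line, in log order."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.append(RootLogin(**m.groupdict()))
    return found

def non_key_root_logins(logins):
    """Root logins that did not use a key: worth a look if policy is keys-only."""
    return [entry for entry in logins if entry.method != "publickey"]

if __name__ == "__main__":
    trail = root_logins(SAMPLE_LOG)
    for entry in trail:
        print(entry.when, entry.source, entry.method, entry.key or "-")
    for entry in non_key_root_logins(trail):
        print("REVIEW:", entry.when, entry.source, entry.method)
```

The fingerprint identifies a person only if each administrator has a separate key in root's authorized_keys, which is an assumption of this example.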