Re: Allowing remote root login seems to be bad. Why? (SUMMARY)
- From: Mario Spiegel <mario.spiegel@xxxxxxxxxxxxxx>
- Date: Fri, 06 Jun 2008 10:42:04 +0200
If he makes a "su -" he just change the user to "root" but you'll need the password anyway.
Only user root can switch to "usual" user accounts without password permission.
Kosala Atapattu schrieb:
On Tue, Jun 3, 2008 at 11:21 PM, David Edwards <DEdwards@xxxxxxxxxxx> wrote:Ron,
I do agree that allowing root access in some cases does make sense.
Are we missing something. Tell me that I don't understand something
here. How can a user doing "su -" and jumping to root after login with
a regular user be different from login with direct root.
Where the first option provide extra barrier for a hacker and second
lets someone do the root dance easily.
Kosala
--
Mit freundlichen Gruessen / Kind Regards
Mario Spiegel
- Follow-Ups:
- References:
- Allowing remote root login seems to be bad. Why?
- From: Ron Arts
- Re: Allowing remote root login seems to be bad. Why?
- From: Mario Platt
- RE: Allowing remote root login seems to be bad. Why?
- From: Glenn Pitcher
- Re: Allowing remote root login seems to be bad. Why? (SUMMARY)
- From: Ron Arts
- Re: Allowing remote root login seems to be bad. Why? (SUMMARY)
- From: David Edwards
- Re: Allowing remote root login seems to be bad. Why? (SUMMARY)
- From: Kosala Atapattu
- Allowing remote root login seems to be bad. Why?
- Prev by Date: RE: Allowing remote root login seems to be bad. Why?
- Next by Date: Re: Allowing remote root login seems to be bad. Why? (SUMMARY)
- Previous by thread: Re: Allowing remote root login seems to be bad. Why? (SUMMARY)
- Next by thread: Did any of you ever see a machine compromised by remote root? (Was Re: Allowing remote root login seems to be bad.)
- Index(es):
Relevant Pages
|
