Re: dangerous to leave root logged in?
From: Keith Keller (kkeller-usenet_at_wombat.san-francisco.ca.us)
Date: Mon, 28 Mar 2005 15:28:43 -0800

On 2005-03-28, email@example.com <firstname.lastname@example.org> wrote:
> prg wrote:

> So what's the problem with an idle root-xterm? Where's the risk? It
> just sits there.

...waiting for someone to type the wrong thing into it. Even the best
admins make mistakes; having a root shell open that's not being used
adds to the probability that it will be misused (even by accident).

>> Applications that _run_ as root (eg., config tools) for their
>> are _not_, _not_, _absolutely_not_ to be left "hanging around" for
>> convenience (ie., laziness). Invoke them, use them, then close them.

> Strong convictions like this require reasons.

If he removes two of the _not_'s, does he still require a reason?

The basis of the advice is to minimize the chance that, intentionally or
by accident, a dangerous command can be used by root. If all of your
root-authorized users are perfect all of the time, then there's probably
no problem with leaving a root shell available at all times. If not, I
suggest you consider everyone's advice and limit the time you or anyone
else has a root application running.

-- 
email@example.com (try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
see X- headers for PGP signature information