Re: dangerous to leave root logged in?

From: Keith Keller (kkeller-usenet_at_wombat.san-francisco.ca.us)
Date: 03/29/05

Next message: Keith Keller: "Re: dangerous to leave root logged in?"
Previous message: hans_schulze98_at_yahoo.de: "Re: dangerous to leave root logged in?"
In reply to: hans_schulze98_at_yahoo.de: "Re: dangerous to leave root logged in?"
Next in thread: Julia Thorne: "Re: dangerous to leave root logged in?"
Reply: Julia Thorne: "Re: dangerous to leave root logged in?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 28 Mar 2005 15:28:43 -0800

On 2005-03-28, hans_schulze98@yahoo.de <hans_schulze98@yahoo.de> wrote:
>
> prg wrote:
>
> So what's the problem with an idle root-xterm? Where's the risk? It
> just sits there.

...waiting for someone to type the wrong thing into it. Even the best
admins make mistakes; having a root shell open that's not being used
adds to the probability that it will be misused (even by accident).

>> Applications that _run_ as root (eg., config tools) for their
> duration
>> are _not_, _not_, _absolutely_not_ to be left "hanging around" for
> your
>> convenience (ie., laziness). Invoke them, use them, then close them.
>> Period.
>
> Strong convictions like this require reasons.

If he removes two of the _not_'s, does he still require a reason?

The basis of the advice is to minimize the chance that, intentionally or
by accident, a dangerous command can be used by root. If all of your
root-authorized users are perfect all of the time, then there's probably
no problem with leaving a root shell available at all times. If not, I
suggest you consider everyone's advice and limit the time you or anyone
else has a root application running.

--keith

-- 
kkeller-usenet@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
see X- headers for PGP signature information

Next message: Keith Keller: "Re: dangerous to leave root logged in?"
Previous message: hans_schulze98_at_yahoo.de: "Re: dangerous to leave root logged in?"
In reply to: hans_schulze98_at_yahoo.de: "Re: dangerous to leave root logged in?"
Next in thread: Julia Thorne: "Re: dangerous to leave root logged in?"
Reply: Julia Thorne: "Re: dangerous to leave root logged in?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: delete near-disaster
... let's say I want my root shell to be the same no matter what I'm ... > put these commands? ... For other reasons maybe. ...
(comp.os.linux.misc)
Re: Root shell
... want your root shell on the root hard drive. ... default I can see how that can cause troubles. ... This explains one of the reasons not to change root's shell: ... Glen Barber ...
(freebsd-questions)
Re: dangerous to leave root logged in?
... >> or by accident, a dangerous command can be used by root. ... >> probably no problem with leaving a root shell available at all times. ... > that remote root login is safer than console-only root login?? ... logins running at all, remote or otherwise. ...
(comp.os.linux.security)
Re: GNOME hangs
... If you would like some good advice instead: ... you care about. ... Les Mikesell ...
(Fedora)