Re: dangerous to leave root logged in?

From: Keith Keller (kkeller-usenet_at_wombat.san-francisco.ca.us)
Date: 03/29/05


Date: Mon, 28 Mar 2005 15:28:43 -0800

On 2005-03-28, hans_schulze98@yahoo.de <hans_schulze98@yahoo.de> wrote:
>
> prg wrote:
>
> So what's the problem with an idle root-xterm? Where's the risk? It
> just sits there.

...waiting for someone to type the wrong thing into it. Even the best
admins make mistakes; having a root shell open that's not being used
adds to the probability that it will be misused (even by accident).

>> Applications that _run_ as root (eg., config tools) for their duration
>> are _not_, _not_, _absolutely_not_ to be left "hanging around" for your
>> convenience (ie., laziness). Invoke them, use them, then close them.
>> Period.
>
> Strong convictions like this require reasons.

If he removes two of the _not_'s, does he still require a reason?

The basis of the advice is to minimize the chance that, intentionally or
by accident, a dangerous command can be used by root. If all of your
root-authorized users are perfect all of the time, then there's probably
no problem with leaving a root shell available at all times. If not, I
suggest you consider everyone's advice and limit the time you or anyone
else has a root application running.

--keith

-- 
kkeller-usenet@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
see X- headers for PGP signature information
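
One way to audit for the situation discussed in this thread, added here as an example that is not part of the original post: it lists root-owned interactive shells that have been open longer than a limit, including shells reached through su. It measures elapsed time since the shell started, not idle time, and assumes procps-ng `ps` with the `etimes` keyword; the function names, the shell list and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Flags interactive root shells that
# have been running longer than a limit.
# Input lines on stdin: EUSER TTY ETIMES PID COMM, as produced by
#   ps -eo euser=,tty=,etimes=,pid=,comm=
# (etimes is the elapsed time in seconds since the process started).

long_lived_root_shells() {
    max_seconds=$1
    awk -v max="$max_seconds" '
        BEGIN {
            # Assumed list of programs to treat as "a root shell".
            n = split("sh bash dash ksh zsh csh tcsh", names, " ")
            for (i = 1; i <= n; i++) shells[names[i]] = 1
        }
        # Effective user root, attached to a terminal, a known shell,
        # and older than the limit. Output: PID TTY COMM AGE-in-minutes.
        $1 == "root" && $2 != "?" && ($5 in shells) && ($3 + 0) > (max + 0) {
            printf "%s %s %s %dm\n", $4, $2, $5, int($3 / 60)
        }
    '
}

# Constructed sample in the same column order as the ps command above.
sample_ps() {
    cat <<'EOF'
root     pts/3    86400  4242 bash
root     ?        912345    1 systemd
hans     pts/1    7200   3100 bash
root     pts/5    120    5150 bash
root     tty1     500000  901 agetty
root     pts/7    3700   6001 zsh
EOF
}

# Report root shells open for more than one hour in the sample.
report_sample() {
    sample_ps | long_lived_root_shells 3600
}

report_sample

# Live use:
#   ps -eo euser=,tty=,etimes=,pid=,comm= | long_lived_root_shells 3600
```

Daemons without a terminal, the getty on tty1, the unprivileged user's shell and the two-minute-old root shell are all skipped; only the day-old bash and the hour-old zsh are reported.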

