Re: Prevent remote root logins
- From: Lew Pitcher <Lew.Pitcher@xxxxxxxxxxxxxxxx>
- Date: Mon, 10 Apr 2006 13:11:12 -0400
-----BEGIN PGP SIGNED MESSAGE-----
I am still not convinced.
Why 3 users with an SU privilege (running shell as root) would be
better than 3 "root-equivalent" users (UID=0)?
It wouldn't. And no one said it would.
Don't use su(1) in a case like this. Instead, use sudo(8)
With sudo(8), the /real/ root user can limit which root priviledges each
user gets, by limiting the commands that /that/ user can perform using
sudo. With su(1) or your "root equivalent" (actually, multiple root)
users, there are no such controls.
In the both cases, I need trust these people.
In the both cases, if I have a malicious or demotivated admin, my
chances to survive are small ;)
Yes, so don't use those facilities.
Instead, use sudo(8) or one of the other facilities that gives you audit
and control over which root abilities these alternate administrators can
Lew Pitcher, IT Specialist, Corporate Technology Solutions,
Enterprise Technology Solutions, TD Bank Financial Group
(Opinions expressed here are my own, not my employer's)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v22.214.171.124 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
- Prev by Date: Re: how to enable iptables from CLI
- Next by Date: Re: Prevent remote root logins
- Previous by thread: Re: Prevent remote root logins
- Next by thread: Re: Prevent remote root logins