Re: Prevent remote root logins
- From: Lew Pitcher <Lew.Pitcher@xxxxxxxxxxxxxxxx>
- Date: Mon, 10 Apr 2006 13:11:12 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
boomboom999@xxxxxxxxx wrote:
I am still not convinced.
Why 3 users with an SU privilege (running shell as root) would be
better than 3 "root-equivalent" users (UID=0)?
It wouldn't. And no one said it would.
Don't use su(1) in a case like this. Instead, use sudo(8)
With sudo(8), the /real/ root user can limit which root priviledges each
user gets, by limiting the commands that /that/ user can perform using
sudo. With su(1) or your "root equivalent" (actually, multiple root)
users, there are no such controls.
In the both cases, I need trust these people.
In the both cases, if I have a malicious or demotivated admin, my
chances to survive are small ;)
Yes, so don't use those facilities.
Instead, use sudo(8) or one of the other facilities that gives you audit
and control over which root abilities these alternate administrators can
use.
- --
Lew Pitcher, IT Specialist, Corporate Technology Solutions,
Enterprise Technology Solutions, TD Bank Financial Group
(Opinions expressed here are my own, not my employer's)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEOpGwagVFX4UWr64RAsQIAKCQnY7CX1eRJmqvqXuV1UOJikVtPACdHpl4
e3p16vJaO0gLsALwfV77C2s=
=nztS
-----END PGP SIGNATURE-----
.
- References:
- Prevent remote root logins
- From: boomboom999
- Re: Prevent remote root logins
- From: juanvi
- Re: Prevent remote root logins
- From: boomboom999
- Re: Prevent remote root logins
- From: Lew Pitcher
- Re: Prevent remote root logins
- From: boomboom999
- Prevent remote root logins
- Prev by Date: Re: how to enable iptables from CLI
- Next by Date: Re: Prevent remote root logins
- Previous by thread: Re: Prevent remote root logins
- Next by thread: Re: Prevent remote root logins
- Index(es):
Relevant Pages
|
