Re: PermitRootLogin=yes versus su

From: Kyler Laird (Kyler@news.Lairds.org)
Date: 01/26/03


From: Kyler Laird <Kyler@news.Lairds.org>
Date: Sun, 26 Jan 2003 21:23:28 GMT

Roy Smith <roy@panix.com> writes:

>wclark@eden.rutgers.edu (Bill Lewis Clark) wrote:
>> Can anyone come up with some GOOD reasons to prefer su to direct root
>> logins?

>It leaves an audit trail.

I hope that someone who has gone to the trouble of thinking
this through as much as Bill has wouldn't be so naive as to
let people log in to the root account using a (single shared)
password. It's fairly simple to log the people who use an
account by tracking the keys used.

Of course doing this will eliminate the joys of generating,
distributing and protecting the root password.

--kyler



Relevant Pages

  • Re: [kde] su identification
    ... Let us also assume that the password for bravo ... and the password for root is master. ... the root account and will demand Root account's password ... type in sudo su. ...
    (KDE)
  • Re: Whats with the "Dont login as root, use su" message?
    ... know if there is anything special about console login into root account ... this executes make as root. ... So that I might be able to help other folks with real answer. ...
    (comp.unix.bsd.openbsd.misc)
  • Re: [kde] Canonical trying to kill KDE?? - Fwd: Attend CampKDE... via ... (VOIP), BerkeleyTIP &#
    ... security risk having the root account tied directly to the first user ... disable the special privileges for the the first user account. ... Use the 'passwd' command to set a root password. ...
    (KDE)
  • Re: Terminal question/USB wireless
    ... password (same one I use for installs) after inputing su and it wasn't ... then used this: sudo passwd root ... the root account, which will enable it. ... the bottom of the Login Window, not System Preferences. ...
    (comp.sys.mac.system)
  • Re: [10.4.10] How do I regain root/admin access?
    ... For instance, by default, all Mac OS X systems come factory-installed with the root account *disabled* so that nobody can log into that account. ... It appears to have given me access to folders that were being stubborn before. ... I think I'm still going to be somewhat disabled till I can purchase the install discs, so I'll have to bear with things as they are for now. ...
    (comp.sys.mac.system)