On Fri, 2013-08-16 at 17:08 +0200, berenger.mo...@neutralite.org wrote: > Why would it be worse than a shared admin account? For the shared > account, I can easily understand why it's not something to do, but I can > not see the problem with multiple "root" accounts? > (I did not said that the admins should use them for daily tasks, just > that it was possible to use that to avoid changing a password when > someone lost his rights.)
You give users the needed privileges, not more, not less. If a user should need full root access, then it's ok too, this user also could get the root password directly, since it anyway would be possible to change the root password by this user, but you unlikely will give several users those rights, since if you would do that, no admin is needed anymore. It's not only a security risk regarding to viruses, data piracy etc., but also a risk that too many admins could mess up the stability of the install. You need an admin and alternate admins and users usually don't need any kind of root privilege. Don't confuse our home machines with servers of large companies, at home we even don't need this level of security, resp. at home take care that nobody can use a live media and chroot your install, so for the paranoid home computer user, encrypt the drive, change your passwords 8 times a day etc. ;), even don't store your keys anywhere, learn more than 2048 numbers by heart and type the complete key each time you want to do something. IOW as long as somebody in your flat can turn on your machine and insert a live media, you don't need to take that much care about passwords, excepted of Internet security, such a machine can be hacked by going the chroot route. However, this su, sudo debate is nonsense. Don't confuse "I'm accustomed too and would prefer" with "it's more or less secure". -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1376667809.1734.22.camel@archlinux