On Sun, 2002-10-06 at 06:29, James Sparenberg wrote:
> On Sat, 2002-10-05 at 14:52, Toshiro wrote:
> > > >
> > > > I agree. However I Don't run EVERYTHING as root nor am I a new user. Also
> > > > being an IT Manager I DO occasionally su to root and ssh into my
> > > > company's machines as root to do admin stuff so I really would not want
> > > > to blast away my ssh keys nor my root env.
> > > hmmm is it possible to ssh as a user and then su to root? would that not be
> > > more secure?
> > >
> >
> > What's the point in doing that way? When you use ssh, the communication
> > is encrypted. I don't see the advantage of ssh as a normal user first.
> >
> From having had it save my buns... Big advantage is that you know who
> su'd to root. I had a boy genius who "discovered" root from one of my
> employee's logged in su'd and made some changes he wanted ... ie opening
> up some ports for a file sharing software that he wanted to use company
> bandwidth for. The only reason we caught it was because of the su...
> now granted this has been a couple of years but it does illustrate a
> use. (One reason I like the BSD style su over linux) The advantage....
> paper trail so to speak.
>
> James

Well there's always sudo if you don't like the root password going over the wire (even encrypted, <paranoia>every few months it seems there is another security fix out</paranoia>) or other people knowing it who have admin work to do. It's a good way to limit the damage to the system by limiting access to certain resources to each user that may need "root" access to complete a task. And well if they aren't given access to a program they can't run it. And yes sudo does log successful & unsuccessful attempts if you like that kind of thing in your life (& you probably should).

But back to the "/root" question, it helps to have the "Ever So Smooth" Dr. root's home on the boot partition for logins if you can't mount "/home". I don't think it was for failsafe as much as the convenience of having your settings in a secure place and available to you even if you can't mount "/home". You can always create a "/home" directory on the "/" partition with a backup normal user dir and copy it to the new partition then mount "/home" (other partition) over "/home" (root partition) and then you would have a "/home" dir for a normal user even if you couldn't mount the "/home" dir (useful (critical even) if you have root logins disabled).

--- Kiran
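
An added example, not part of the original thread: the paper trail James describes and the sudo logging Kiran mentions, shown as a small Python pass over auth-log lines that reports which root access can be tied to a named user. The sample lines are constructed, and the message formats (OpenSSH `Accepted ... for root`, Linux-PAM `pam_unix(su:...)`, sudo's `user : ... ; COMMAND=`) are assumptions; other systems, BSD su included, word these messages differently.

```python
import re

# Constructed sample auth-log lines (host, users and addresses are made up).
SAMPLE_LOG = """\
Oct  5 14:01:12 gw sshd[811]: Accepted password for root from 192.0.2.10 port 40022 ssh2
Oct  5 14:03:40 gw sshd[845]: Accepted publickey for alice from 192.0.2.11 port 40100 ssh2
Oct  5 14:04:02 gw su[860]: pam_unix(su:session): session opened for user root by alice(uid=1000)
Oct  5 14:09:55 gw sudo:      bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/sbin/ifconfig eth0
Oct  5 14:10:31 gw sudo:      bob : command not allowed ; TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/sbin/iptables -L
Oct  5 14:12:00 gw su[902]: pam_unix(su:auth): authentication failure; logname=carol uid=1002 euid=0 tty=pts/3 ruser=carol rhost=  user=root
"""

# Each pattern maps a log message to an event kind. The 'who' group is the
# accountable user; a direct root ssh login has none, only a source address.
PATTERNS = [
    (re.compile(r"\bsshd\[\d+\]: Accepted \S+ for root from (?P<src>\S+)"),
     "direct-root-ssh"),
    (re.compile(r"\bsu(?:\[\d+\])?: pam_unix\(su:session\): session opened "
                r"for user root(?:\(uid=0\))? by (?P<who>[\w.-]+)"), "su-ok"),
    (re.compile(r"\bsu(?:\[\d+\])?: pam_unix\(su:auth\): authentication failure;"
                r".*\bruser=(?P<who>[\w.-]+).*\buser=root"), "su-fail"),
    (re.compile(r"\bsudo(?:\[\d+\])?:\s+(?P<who>[\w.-]+) : (?P<err>[^;=]+) ; "
                r"TTY=.*?USER=root ; COMMAND=(?P<cmd>.*)"), "sudo-denied"),
    (re.compile(r"\bsudo(?:\[\d+\])?:\s+(?P<who>[\w.-]+) : "
                r"TTY=.*?USER=root ; COMMAND=(?P<cmd>.*)"), "sudo-ok"),
]

def root_access_events(log_text):
    """Return (kind, who, detail) for every line showing root access gained or attempted."""
    events = []
    for line in log_text.splitlines():
        for rx, kind in PATTERNS:
            m = rx.search(line)
            if m:
                g = m.groupdict()
                detail = g.get("cmd") or g.get("src") or ""
                events.append((kind, g.get("who"), detail))
                break  # first matching pattern wins
    return events

def unattributed_root_access(events):
    """Events where the log cannot say which person became root."""
    return [e for e in events if e[1] is None]

if __name__ == "__main__":
    for kind, who, detail in root_access_events(SAMPLE_LOG):
        print(f"{kind:16} {who or '(unknown user)':16} {detail}")
```
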