Beware though that with the current rootkits available a total idiot with a
browser can download programs that can bypass many of these schemes and
become root very, very, very easily.  You really need to know nothing in
most cases to run these rootkits so beware and keep your ftp, ssh and ssl
daemons patched up to the minute.

M Katz
RAE Internet

-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED]]On Behalf Of
Jere Julian
Sent: Wednesday, December 11, 2002 11:24 AM
To: [EMAIL PROTECTED]
Subject: Re: LINUX & Security


While there are exceptions to every rule, it is VERY BAD form to use the
root account for much of anything!  It's just too dangerous.  The
current best practice is to disable logins as root.  First, root should
never log in over a network and probably should be locked completely.
What one should do instead is set up sudo such that groups of persons
have explicit access to what they need to do.  This has the advantage of
logging any "root" level actions that are performed and any unauthorized
attempts to perform root level actions.

For more information see 'man sudo' and 'man sudoers', and do a Google
search on sudo.

-Jere

On Wed, Dec 11, 2002 at 04:35:43PM +0100, Rob van der Heij wrote:
> At 23:20 10-12-02, Re, Vincent wrote:
>
> >If you're asking whether you can have multiple user IDs with UID=0, then
> >the answer is yes.
>
> We tried this because I thought it would be nice to automatically log on
> the account 'Operator' on the console and let it have uid=0, but be able to
> separate from 'root' in that it has its own home directory and things.
> Unfortunately that made the 'id' command under root return 'Operator' with
> all kinds of annoying effects.
>
> Rob
---end quoted text---

--
    ---------------------------------------------------------------------
   | Jere Julian, RHCE, CCNA  Cisco Systems, Inc.  ITD - IBM Sustaining  |
   | mailto:[EMAIL PROTECTED]          7025 Kit Creek Rd, RTP, NC 27709  |
    ---------------------------------------------------------------------
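
The duplicate-UID effect Rob describes in the quoted text, as an added example that is not part of the original thread: a small audit that lists accounts sharing a UID and shows which name a UID-to-name lookup reports. It assumes a flat passwd file, where such a lookup returns the first matching entry in file order; the sample content and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample /etc/passwd content, not taken from any system in the thread.
# Assumption: 'operator' is listed before 'root', which reproduces the symptom.
SAMPLE_PASSWD = """\
operator:x:0:0:Console operator:/home/operator:/bin/bash
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
jere:x:500:500::/home/jere:/bin/bash
# a comment line
+::::::
truncated:x:0
"""


def parse_passwd(text):
    """Yield (name, uid) for each well-formed entry, in file order."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # Skip NIS compat markers and malformed lines instead of guessing.
        if len(fields) != 7 or not fields[2].isdecimal():
            continue
        yield fields[0], int(fields[2])


def shared_uids(text):
    """Return {uid: [names...]} for every UID held by more than one account."""
    by_uid = defaultdict(list)
    for name, uid in parse_passwd(text):
        by_uid[uid].append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def name_for_uid(text, uid):
    """First name for uid in file order: what a flat-file lookup by UID reports."""
    for name, entry_uid in parse_passwd(text):
        if entry_uid == uid:
            return name
    return None


if __name__ == "__main__":
    for uid, names in sorted(shared_uids(SAMPLE_PASSWD).items()):
        print(f"uid {uid} shared by {', '.join(names)}; "
              f"lookups by uid report '{name_for_uid(SAMPLE_PASSWD, uid)}'")
```

Run against a copy of a real passwd file, any entry in the output for uid 0 is an account with full root privilege whose actions cannot be told apart from root's by UID alone.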
