> I don't understand this. If root has no password, is there any
> protection with regard to the Internet, or does the password protect
Not having a password on root is a very bad idea. I suggest if the
option still exists on Mandrake, that it be removed.
First, root can do anything it wants. Therefore *once you've gotten
into a system* and have logged in as root, you can really screw things
up.
The security is twofold - the remote computer has to be able to allow
remote logins, and be password protected. So, if the remote computer
doesn't offer telnet/ssh, then it might not matter if the system doesn't
have a root password. Even then, it would be not a very nice thing to
have.
> password would not be a problem? In other words, does the fact that root
> has a password have anything to do with Internet security? Can root
Well it's part of internet security - but of course, the fact that I could
remotely login as root in the first place is more of an insecure thing than
the fact root doesn't have a password.
Under normal circumstances, (/etc/securetty controls this) root is not
permitted to log in anywhere except the physical console. So, anyone
logging in from outside would need to know both a regular user account and
its password. Then if he gets in, he just su's to root. And we're back to
no security if root doesn't have a password.
> as super user just to see all the files and directories on MY OWN
> system!! My impression is that having no password for root would not
Unless execute permission is turned off on some system directories, a
regular user should be able to see everything with a 'normal' file
manager. Whether of course you can do anything with the files themselves
is another issue.
Personally, I don't bother running 'super user' file managers. Instead,
I have an xterm (or konsole, rxvt, etc.) running, where I've started it
with 'xterm -font 10x20 -e su - root &'. This lets me just tab over
when I need to do something as root. At any other time, I'm just 'dfox'.
> rarely uses the computer and most certainly wouldn't use the Linux side
> of it.<g> Visiting grandchildren are not allowed to use the computer,
boo hoo :)
> What is ssh? Since I'm the only user, I must be the only one allowed to
> "ssh" into the machine, but I have no idea what that means--secure
> something, I'd guess.
'ssh' is secure shell. It's analogous to telnet/rlogin, but far more secure.
>
> What is Webmin? What is a local loopback? How do I configure Webmin?
webmin is a web-based administrative tool. Configuring it to only run on
127.0.0.1 (the local loopback) is what's at issue, I would think. But
I've never used webmin.
> --Judy Miner
------------------------------------------------------------------------
David E. Fox Thanks for letting me
[EMAIL PROTECTED] change magnetic patterns
[EMAIL PROTECTED] on your hard disk.
-----------------------------------------------------------------------
