Re: Questions regarding the base system
On 10 Oct 1996, Rob Browning wrote:
osiris>Even if they don't have a console, it's still safer if you have to log
osiris>in as a normal user, then become root, since intruders would have to
osiris>get the username and password right, not just the password.
Intruder on an internal network? The point of a firewall for me is to have
more relaxed security behind it.
osiris>In addition, I bet not everything you do on those machines needs to be
osiris>done as root. When I'm just diagnosing a problem, I do it as as a
osiris>normal user (in the initial stages anyway), and then only become root
osiris>when I have to, either to get info I can't as the normal user, or to
osiris>fix the problem.
I usually do the same on our regular servers but not on these dedicated
machines. There network routers/bridges immediately require root access
otherwise you do not even have the tools available to troubleshoot.
Application servers usually contain some screwed up old application. If
you go into that old stuff something is seriously wrong. I wont run the
risk of not being able to get it just because NIS is flaky or something
and I wont put the burden of NIS on any such host. We are glad they work
and take our hands of in respect of their age <G>.
{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}
{} Consulting available for Networking / Unix / Crossplatform integration {}
{} Snail Mail: FTS Box 466, 135 N.Oakland Ave, Pasadena, CA 91182 {}
{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}
PGP Public Key = FB 9B 31 21 04 1E 3A 33 C7 62 2F C0 CD 81 CA B5
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: