Re: Questions regarding the base system
'Christoph Lameter wrote:'
>
>On 10 Oct 1996, Rob Browning wrote:
>
>osiris>Christoph Lameter <clameter@waterf.org> writes:
>osiris>
>osiris>> On all my systems that I have installed here on campus I later remove the
>osiris>> user because the user interferes with NIS or is a security hole since the
>osiris>> system should only be accessed in exceptional cases by system
>osiris>> administration.
>osiris>
>osiris>I thought that there were some very good security reasons not to allow
>osiris>direct root logins from anywhere other than the console.
>This is true for a system having a console. But my units here run
>headless. They can only be administered remotely. The ones who are
>dedicated to some obscure network task are touched once every few months
>and they are on an internal firewalled network.
No, you slogin as a user and su or sudo or whatever to become root.
The extra user adds security at the price of minor inconvenience. I
manage 5 networks this way. Why does headless imply the need for
direct root login?
--
Christopher J. Fearnley | Linux/Internet Consulting
cjf@netaxs.com, cjf@onit.net | UNIX SIG Leader at PACS
http://www.netaxs.com/~cjf | (Philadelphia Area Computer Society)
ftp://ftp.netaxs.com/people/cjf | Design Science Revolutionary
"Dare to be Naive" -- Bucky Fuller | Explorer in Universe
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: