
Re: Questions regarding the base system

'Christoph Lameter wrote:'
>On 10 Oct 1996, Rob Browning wrote:
>osiris>Christoph Lameter <clameter@waterf.org> writes:
>osiris>> On all my systems that I have installed here on campus I later remove the
>osiris>> user because the user interferes with NIS or is a security hole since the
>osiris>> system should only be accessed in exceptional cases by system
>osiris>> administration.
>osiris>I thought that there were some very good security reasons not to allow
>osiris>direct root logins from anywhere other than the console.
>This is true for a system having a console. But my units here run
>headless. They can only be administered remotely. The ones who are
>dedicated to some obscure network task are touched once every few months
>and they are on an internal firewalled network.

No, you slogin as a user and su or sudo or whatever to become root.
The extra user adds security at the price of minor inconvenience.  I
manage 5 networks this way.  Why does headless imply the need for
direct root login?

Christopher J. Fearnley            |    Linux/Internet Consulting
cjf@netaxs.com, cjf@onit.net       |    UNIX SIG Leader at PACS
http://www.netaxs.com/~cjf         |    (Philadelphia Area Computer Society)
ftp://ftp.netaxs.com/people/cjf    |    Design Science Revolutionary
"Dare to be Naive" -- Bucky Fuller |    Explorer in Universe

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
