Re: Root login
Le Jeu 4 septembre 2008 14:25, PaweÅ? Krzywicki a écrit :
> On czwartek, 4 wrzeÅ?nia 2008, kishore@vodafone.it wrote:
>> i too noticed a similar thing when i installed on my new laptop etch.
>> the solution was as Cerbelle said. Login as a normal user and do sudo (
>> or you can activate root login from the login menu; but i personally
>> consider it really dangerous!)
> I am wondering why this is dangerous?
> If your password is seen as "strong" "FaG34#fCFD12drtfdg" something like
> this for example why this is dangerous?
Just because you log in "anonymously". In fact, if several people need a
root access, there are two possibilities :
- everybody knows and use the same root account/password, but you will bot
be able to know who made what. You can only see from which IP the "root"
connection was made.
- "root" account is locked, without password. nobody can directly connect
to it. everybody first need to connect with their personal account and
password before executing something as root. Nobody knows another one's
password, there is no common account or password and you can always know
who ran this damn "rm /etc/passwd".
Furthermore, root is also ALWAYS the first account to be attacked by
script kiddies. If it is locked, you are sure they will not be able to
connect to this account.
Francois Cerbelle
--
http://www.cerbelle.net - http://www.afdm-idf.org
Reply to:
- References:
- Root login
- From: "kishore@vodafone.it" <kishore@vodafone.it>
- Re: Root login
- From: Paweł Krzywicki <krzywicki.pawel@googlemail.com>