Re: securing debian

To: Carl Mummert <mummert@tinuviel.cs.wcu.edu>
Cc: Debian User List <debian-user@lists.debian.org>
Subject: Re: securing debian
From: Paul Miller <paul@3dillusion.com>
Date: Sun, 26 Apr 1998 19:30:14 -0400 (EDT)
Message-id: <Pine.LNX.3.96.980426192457.1134C-100000@serv1.3dillusion.com>
In-reply-to: <19980425231526.35241@tinuviel.cs.wcu.edu>

On Sat, 25 Apr 1998, Carl Mummert wrote:

> Chris wrote:
> > > > You might consider installing the `sudo' package and using that for
> > > > all your root access.  If you do that, then you can change the
> > > > encrypted root password to * in /etc/shadow (you *are* using shadow
> > > > passwords, I hope) and thus it becomes impossible to log in as root.
> > > > 
> 
> Is this really a good thing? ...  What happens when you need to add a
> command to sudo, or when you need to come up in maintenance mode?

hmm... if you disable root access and use only the sudo package, aren't
you making your system more unsecure?

Why?  Because you would probably want to make a sudo command to edit the
sudo file.. and then a cracker only needs to sniff *one* password -- to
your account -- instead of your password and the root password.

Maybe cryptography using ssh + sudo for telnetting and root access only
from the console is a better solution.

-Paul

--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Re: securing debian
  - From: Carl Mummert <mummert@tinuviel.cs.wcu.edu>

Prev by Date: Re: securing debian
Next by Date: Re: A funny little mistake
Previous by thread: Re: securing debian
Next by thread: Re: securing debian
Index(es):
- Date
- Thread