Re: Why should non-root users have a password?
On Sun, 2003-12-07 at 19:28, Tom wrote:
> If I have a firewall, and I'm the only person who uses my computer, do I
> really have to have a password on my non-root account?
>
> I know the answer is "yes" but -- why? They can't do anything to my
> machine anyway, except use it. And due to the firewall that never
> happens anyway.
You *hope* that never happens; but if it does, the password is an extra
protection. And as we have recently seen, access to a non-root account
can be a springboard to root access. It is foolish to rely on one
particular defence and bet all your security on that. Did you ever read
about the Maginot Line? Since your machine is connected to the net, you
really have a public duty to keep it properly secure, to minimise the
risk of its being taken over for sending out DOSs, viruses, spam or
warez.
A user password could also be a protection against nosy girlfriends...
--
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight, UK http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"And if thy hand offend thee, cut it off; it is better
for thee to enter into life maimed, than having two
hands to go into hell, into the fire that never shall
be quenched." Mark 9:43
Reply to: