Re: Why should non-root users have a password?

To: debian-user@lists.debian.org
Subject: Re: Why should non-root users have a password?
From: Terry Hancock <hancock@anansispaceworks.com>
Date: Sun, 7 Dec 2003 14:20:52 -0600
Message-id: <[🔎] m1AT5Hu-007mzSC@mail.augustmail.com>
Reply-to: hancock@anansispaceworks.com
In-reply-to: <[🔎] 20031207192841.GB1024@comcast.net>
References: <[🔎] 20031207192841.GB1024@comcast.net>

On Sunday 07 December 2003 01:28 pm, Tom wrote:
> If I have a firewall, and I'm the only person who uses my computer, do I 
> really have to have a password on my non-root account?
> 
> I know the answer is "yes" but -- why?  They can't do anything to my 
> machine anyway, except use it.  And due to the firewall that never 
> happens anyway.

If you really know that, then the answer is no, you don't need it.

But for those of us who are paranoid enough to think that our
firewall might not be perfect or that someone might try to access
our computer from the console, there are reasons.

The first step in most root exploits is to get normal user access, and
so it's helpful if that's not too easy.  *That* is why you don't want
"just anybody" to use your system.

Cheers,
Terry

--
Terry Hancock ( hancock at anansispaceworks.com )
Anansi Spaceworks  http://www.anansispaceworks.com

Reply to:

References:
- Why should non-root users have a password?
  - From: Tom <tb.31123.nospam@comcast.net>

Prev by Date: Re: Why should non-root users have a password?
Next by Date: Re: Linux vs. SCO: 1-0
Previous by thread: Re: Why should non-root users have a password?
Next by thread: Re: Why should non-root users have a password?
Index(es):
- Date
- Thread