Re: Why should non-root users have a password?

To: debian-user@lists.debian.org
Subject: Re: Why should non-root users have a password?
From: Paul Johnson <baloo@ursine.ca>
Date: Sun, 7 Dec 2003 17:12:06 -0800
Message-id: <[🔎] 20031208011206.GE25167@ursine.ca>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20031207192841.GB1024@comcast.net>
References: <[🔎] 20031207192841.GB1024@comcast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Dec 07, 2003 at 11:28:41AM -0800, Tom wrote:
> If I have a firewall, and I'm the only person who uses my computer, do I 
> really have to have a password on my non-root account?

YES!  Firewalls are not the end-all, be-all in security.  Security is
not a product, it's a process.

> I know the answer is "yes" but -- why?

Because it's easier to compromise any system once you have your foot
in the door.  This is also why your root password should not be the
same as any normal user passwords.

> They can't do anything to my machine anyway, except use it.

Really?  Apparently you don't follow the news...

http://www.debian.org/News/2003/20031121

- -- 
 .''`.     Paul Johnson <baloo@ursine.ca>
: :'  :    
`. `'`     proud Debian admin and user
  `-  Debian - when you have better things to do than fix a system
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD4DBQE/08/mUzgNqloQMwcRAtPuAKDY4UrPRO1HraL8yapZACzuthUozgCY+0ff
U2NzIgw+C+TyyAlsEP33oA==
=EIhD
-----END PGP SIGNATURE-----

Reply to:

References:
- Why should non-root users have a password?
  - From: Tom <tb.31123.nospam@comcast.net>

Prev by Date: Re: Linux vs. SCO: 1-0
Next by Date: Re: debian port for spamassassin ?
Previous by thread: Re: Why should non-root users have a password?
Next by thread: compiled new kernel 2.4.22, but computer does not power off fully
Index(es):
- Date
- Thread