[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Doing administrative work

On Sun, 2007-01-21 at 22:03 -0500, Jim Hyslop wrote:
> Hash: SHA1
> OK, this latest discussion about logging in as root got me thinking. I'm
>  fairly new to Linux. Occasionally, when I need to set up something (as
> an example, my recent DNS questions) I will need to edit a config file,
> and restart the daemon. I usually start by logging in as myself, then
> issue individual 'su [command]' commands. After a while, I get tired of
> typing in the root password over and over, so I just issue a simple 'su'
> and work as root from there.
> Should I be taking a different approach?

My practices are for accountability. I like to believe they are best

      * Never connect to remote machine as root... there are exceptions,
        but they are few and far between.
      * Login to a machine as a regular non-privileged user.
      * If the need arises use a method to allow "limited privileges" in
        a granular way. I use "sudo" it allows one to give "user
        creation" without giving the keys to the machine to the person
        or helpdesk person.
      * If you need a graphical method, I use "sux" or in combo "sudo
        sux -" and then run the program... then exit.
      * If you really need to *BE* root, "sudo su -" or "sudo sux -" for
        only as long as you need.

It is really all about accountability or being able to track who did
what when. To track problems caused by administration errors, or to
track when someone uses things they shouldn't. IOW, about limiting users
doing harmful things.

If you need more... ask specific questions.
greg, greg@gregfolkert.net

The technology that is
Stronger, better, faster:  Linux

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: