
Re: Doing administrative work



On Sunday, 21.01.2007 at 22:03 -0500, Jim Hyslop wrote:

> OK, this latest discussion about logging in as root got me thinking.
> I'm fairly new to Linux. Occasionally, when I need to set up something
> (as an example, my recent DNS questions) I will need to edit a config
> file, and restart the daemon. I usually start by logging in as myself,
> then issue individual 'su [command]' commands. After a while, I get
> tired of typing in the root password over and over, so I just issue a
> simple 'su' and work as root from there.
> 
> Should I be taking a different approach?

As people have mentioned, sudo is always useful here.

However, the way you manage the system can be different depending on
whether (a) there are other sysadmin users of the system, other than
yourself, and (b) whether there are other *non*-sysadmin users of the
system.

[The example that follows is a counter-example to the
most-commonly-offered advice, but that comes because it's a different
setup to normal.]

For example, I have one or two servers which run a couple of very basic
services each, e.g. DNS, DHCP and I am the only user, namely the
sysadmin.  There's no graphical environment on these servers and the
whole installation is very minimal.  There are no other 'users' on the
system.  And, *every* job that needs to be done to that system (editing
the DNS hosts files, restarting the daemons and so on) needs to be done
as root.  The system is never used in a non-root context.  Therefore, to
manage this system I set up no further users other than root, and
install my SSH key in root's account, then reconfigure SSHd to allow
root logins via key only (so that even someone knowing the root password
is unable to log in via SSH, unless it's me with my SSH key); I have
physical access to the machine, so if it all goes horribly wrong I can
of course log in as root at the console.  If appropriate for the
situation, I will probably also install IPtables to ensure that SSH
access is only permitted from certain hosts or subnets.

The above example flies in the face of the usual advice, but that's
because the circumstances are different and possibly rather extreme.  I
don't really need accountability, because I'm the only one with access.
"Adding a non-privileged user and using sudo" would actually provide
less security, because it is adding an additional
potentially-compromisable account to the server.

However, if the above server was to be maintained by more than one
sysadmin, I'd probably disable root access entirely and insist on 'sudo'
for accountability.  Further, if there were 'real users' on the system,
i.e. users who only ever did non-root work, I'd again probably avoid the
root-only approach.

Be careful when recommending the above setup, because I believe it's
only appropriate in very limited circumstances.

I'm sure I'm opening myself to some criticism by mentioning the above;
please *read* what I've written before replying with "You shouldn't ever
use root directly", because I don't believe that's an appropriate
criticism in this case. ;-)

As always, so long as one properly considers the implications and
carefully assesses the risks versus conveniences of any particular
setup, you should do fine.

Cheers,

Dave.


-- 
Please don't CC me on list messages!
...
Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
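An added example, not part of Dave's message: a small POSIX shell script that checks an sshd_config for the "root may log in by key only" setting he describes, and prints the iptables rules that restrict SSH to an allow-list of sources. The config contents, file path and subnets are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Checks that root SSH login is
# key-only and renders an SSH source allow-list as iptables rules.

# Effective value of an sshd_config keyword: sshd honours the FIRST
# occurrence (later duplicates are ignored) and keywords are case-insensitive.
sshd_effective() {
    # $1 = keyword, $2 = config file
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        { if (tolower($1) == key) { print $2; exit } }
    ' "$2"
}

# Prints "ok" when root can only log in with a key, otherwise "weak:<value>".
check_root_login() {
    v="$(sshd_effective PermitRootLogin "$1")"
    case "$v" in
        without-password|prohibit-password) echo "ok" ;;
        "") echo "weak:default" ;;   # unset: the built-in default is not key-only
        *) echo "weak:$v" ;;
    esac
}

# Prints iptables rules accepting new SSH connections only from the given
# sources, then dropping all other new SSH connections.
ssh_allowlist_rules() {
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp --dport 22 -s $src -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j DROP"
}

# Constructed sample config: a commented-out "yes", the real setting, and a
# later duplicate that sshd would ignore.
SAMPLE_CFG="$(mktemp)"
cat > "$SAMPLE_CFG" <<'EOF'
#PermitRootLogin yes
PermitRootLogin without-password
PasswordAuthentication no
PermitRootLogin yes
EOF

check_root_login "$SAMPLE_CFG"                    # prints: ok
ssh_allowlist_rules 192.0.2.10 198.51.100.0/24    # constructed admin sources
```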
