> Chicken-and-egg, just like you said. Of course, that lands us in the current > situation, where you can't tweak things such that 100% of all administration > activities can be performed remotely via drawterm... for some stuff like > setting > up disks, one still has to use the local physical terminal.
That starts to get into almost philosophical security issues. To some extent I consider this a good thing. Physical access is the ultimate privilige, so you need to physically protect your data to the extent that it's worth to you. If you've got physical protection anyway, then making physical access be required to do potentially destructive administration means you only one one avenue of compromise instead of physical and network. Having said that, because I have a combined CPU/auth/file server, I can, and sometimes do, cpu into it as the host owner and do administrative things that way. BLS
