On Mon, 15 Apr 2002, Dan Brown wrote:
> > One of the first things you will do in setting up a server is
> > create a user account for yourself, set the shell for your account
> > to /bin/bash and then give your account equivalent root sudo
> > privileges in /etc/sudoers.  
> 
>       I'd agree with the first two steps, but the third seems like you'd
> be back to the equivalent of just logging in as root.  A little
> better, I guess, as an attacker would need to know what account to try
> to crack, but once they're in, it's just a matter of 'sudo rm -rf /'.
>  If you have to su, you also need the root password.  Of course, it's
> entirely possible I'm missing something.

Dan,

Somewhat tangentially, I was arguing for using sudo as good administrative
practice.  I didn't mean to in any way imply that it would increase security
from a hacking point of view. It's all too easy to log in as root and leave 
the session open, forgetting that it's a root session and then doing 
something hare-brained. With sudo it's always explicit that you are doing 
something as root.



-=-=-==-=-=--=-=-=-=-=-=-=-=-=-=-=-=
Graeme Robinson - Graenet consulting
www.graenet.com - internet solutions
-=-=-=-=-=-=-=-=-=-=-==---=-=--=-=-=

