Quoting Dan Brown <[EMAIL PROTECTED]>: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > From: Graeme Robinson [mailto:[EMAIL PROTECTED]] > > > Not that we ever use the root account for remote administering do > > we? > > To remotely log in as root? No; I connect as a user and then su. > > > One of the first things you will do in setting up a server is > > create a user account for yourself, set the shell for your account > > to /bin/bash and then give your account equivalent root sudo > > privileges in /etc/sudoers. > > I'd agree with the first two steps, but the third seems like you'd > be back to the equivalent of just logging in as root. A little > better, I guess, as an attacker would need to know what accout to try > to crack, but once they're in, it's just a matter of 'sudo rm -rf /". > If you have to su, you also need the root password. Of course, it's > entirely possible I'm missing something.
I like using su instead of messing with the sudeors method. I have since created a remote users account with the proper shell and I now log in using that user and then su to root if I need to do anything. The remote user is mainly used to access the e-smith-manager via a tunnel. Thanks for everyone's input! Tom Carroll -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
