On Mon, 2008-12-15 at 23:46 +0100, Wojciech Puchar wrote:
> > As a matter of fact I never use true root I ALWAYS use su (believe it or
> 
> what's a practical difference between logging to root directly or doing 
> su?

The log files log exactly "who" did what instead of anonymously. At the
least they show who had su'd to root and when, but from my experience it
says the user and what was done.

Incidentally, I first heard of this practice through my MCSE (where
basically M$ NT was bagged as the worst system ever- strange wouldn't
you say seeing as it was an M$ course?), but the practice has been in
use for years by old school *nix administrators and has been a specified
as "best practice". Just read nearly any *nix manual or tutorial. Why do
you think the sysinstall for freebsd and just about every *nix distro
says to create a user account so you don't use root? It also sometimes
states to use su to gain root privileges in the warning message.

It actually frightens me how many new administrators don't bother with
following this policy- even ISPs. It helps with forensic analysis, and
if you suddenly find root doing stuff in your logs (if you follow the
best practice methods) then you know it wasn't you or anybody
authorised.

If anybody here can tell me how to enforce this policy in practice I'd
be very interested to hear it (although I doubt one could prevent
console access to root ICE). Maybe a method to obtain the user's name or
soemthing. I think it can only be enforced in policy and not practice,
though.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to