On Sat, 6 Mar 1999, Tamás Árpád wrote:

> It is for security reasons, you can't connect directly as root, only
> with su.

> >  I use Win95's telnet to connect to RedHat Linux (kernel 2.0.33).
> >I cannot log in using the name 'root' (of course I give the right
> >password), but I can log in using another name (such as 'guest')
> >and 'su' to root. Why? Thanks!

To expand slightly on the above answer: if you log in as root nobody
else can know who logged in as root.  It is true that if you can log
into a shared account such as 'guest', and obtain a shell, you can
su to root and nobody can know who you are.  But the existence of
such an account is proof of the naivete of the system administrator,
whereas the root account necessarily exists. 

A secure system will have a 'wheel' group.  su will have group
execute permission for that group, and will not be world-executable.
Therefore, even a person who has managed to snoop the root password
will not be able to su or log in as root without obtaining direct
physical access to the machine.  So although you say you can su from
'guest', that is not necessarily the case.  On an Internet-connected
system, if you can do it and are not in 'wheel', there is a security
hole which the sysadmin should fix.

These are the two reasons.  To identify in the log the person who
obtained root, and to make it possible to prevent unauthorized
people from doing so remotely, even when they know the password.


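One way to audit the 'wheel' arrangement described in the message above, as an added example that is not part of the original thread: the function checks that an su binary is group-executable, not world-executable, and owned by the expected group. The function name, the default path /bin/su and the default group name 'wheel' are assumptions; pass the real path and group for the system being checked.

```shell
#!/bin/sh
# Added example (not from the original message). Audits whether an su binary
# is restricted to one group. Defaults /bin/su and 'wheel' are assumptions.
# Usage: check_su_restricted [path] [group]; returns 0 if restricted,
# 1 if a finding was reported, 2 if the file is missing.
check_su_restricted() {
    su_path=${1:-/bin/su}
    want_group=${2:-wheel}
    status=0

    if [ ! -f "$su_path" ]; then
        echo "ERROR: $su_path not found"
        return 2
    fi

    # ls -ld prints: mode links owner group size date name
    info=$(ls -ld -- "$su_path" | awk '{print $1 " " $4}')
    mode=${info%% *}
    group=${info#* }

    # Mode string layout: type, rwx (user), rwx (group), rwx (other).
    grp_x=$(printf '%s' "$mode" | cut -c7)
    oth_x=$(printf '%s' "$mode" | cut -c10)

    case $oth_x in
        x|t) echo "FAIL: $su_path is world-executable ($mode)"; status=1 ;;
    esac
    case $grp_x in
        x|s) ;;
        *) echo "FAIL: group execute bit is not set ($mode)"; status=1 ;;
    esac
    if [ "$group" != "$want_group" ]; then
        echo "FAIL: group is '$group', expected '$want_group'"
        status=1
    fi

    [ "$status" -eq 0 ] && echo "OK: only group '$want_group' may execute $su_path"
    return "$status"
}
```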