On Mon, 2010-05-31 at 20:58 +1200, Solor Vox wrote: > On 31 May 2010 20:31, Volker Kuhlmann <[email protected]> wrote: > > And it's the very first thing I always fix on those systems, as I refuse > > to be forced to prefix everything I do with sudo. > > $ sudo su - > # > =) > > sV
Even though you lose the accountability of the sudo log, it still does add extra protection of not being to remotely log in as root, and there's no password, no certificate to enable it if/when you get there. Yes, I know there are other ways of doing it. All have their pros and cons... and I suppose sudo hasn't been tested by the hackers yet. After all, DNS was secure as until that happened (: I consider remote access available only as joe.bloggs, followed by sudo to be far safer than being able to ssh in as root. But then risk is a very subjective thing. Steve
smime.p7s
Description: S/MIME cryptographic signature
