RE: Sudo and other root-based security issues

1999-10-19 Thread Bryan Scaringe
Actually, how a cracker will typically try to get in is by exploiting
security holes in daemons that listen to network ports.  These programs
USUALLY run as root.  Logging in as root presents little-to-no
additional risk.  If your system security is weak, logging in as root
won't cause much additional risk.  If it's strong, you generally worry.

That said, if you are going to bring your machine on-line,
it would be worth your while to check into the Debian site every few days
to check for security advisories.

You also want to read the security howto, the ipchains howto, and look into
tripwire.

The real reason use of the root account is discouraged is that one poorly
typed command can really screw up your system.  For example, try this:

ls a*

now try:

ls a *

one misplaced space makes a world of difference.  Glad that wasn't rm
instead of ls?

Bryan


On 19-Oct-99 David J. Kanter wrote:
> From what I've read, I'm relatively petrified to use my root account unless
> absolutely necessary, like configuring X or setting up my MTA. (There are
> only two users here, me and root.)
>
> But since some commands require root access, and it's a pain to su root all
> the time, how secure is it to run sudo on something like wvdial or slrnpull?
>
> I'm generally under the impression that once logged on as root and on-line
> with the Internet, anyone can crack into my system. This has got to be
> wrong, right?
>
> Thanks.
> -- 
> David J. Kanter
> [EMAIL PROTECTED]
> Debian 2.1
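
Bryan's `ls a*` versus `ls a *` comparison, worked through in a scratch directory as an added example (not part of the original thread). The file names and the helpers `make_scratch`, `expand_args` and `count_hits` are constructed for illustration; they show which arguments the shell hands to a command, so the match list can be checked before a destructive command is run as root.

```shell
#!/bin/sh
# Constructed scratch directory with sample files; nothing outside it is touched.
make_scratch() {
    d=$(mktemp -d) || return 1
    touch "$d/apple" "$d/avocado" "$d/banana" "$d/cherry"
    printf '%s\n' "$d"
}

# Print, one per line, the arguments the shell would pass to a command
# typed as "cmd $2" inside directory $1. $2 is left unquoted on purpose
# so it gets the same word splitting and glob expansion as a typed line.
expand_args() (
    cd "$1" || exit 1
    set -- $2
    printf '%s\n' "$@"
)

# Count how many of those arguments name existing files,
# i.e. how many files an rm typed the same way would delete.
count_hits() {
    expand_args "$1" "$2" | (
        cd "$1" || exit 1
        n=0
        while IFS= read -r f; do
            if [ -e "$f" ]; then n=$((n + 1)); fi
        done
        echo "$n"
    )
}

# Compare the two spellings from the post without deleting anything.
scratch=$(make_scratch) || exit 1
for typed in 'a*' 'a *'; do
    printf 'typed: %-4s hits: %s  args: %s\n' "$typed" \
        "$(count_hits "$scratch" "$typed")" \
        "$(expand_args "$scratch" "$typed" | tr '\n' ' ')"
done
rm -rf "$scratch"
```

With the space, the pattern becomes the literal word `a` plus a bare `*`, so every file in the directory is matched instead of only those starting with `a`.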
 


Re: Sudo and other root-based security issues

1999-10-19 Thread John Hasler
David J. Kanter writes:
> But since some commands require root access, and it's a pain to su root
> all the time, how secure is it to run sudo on something like wvdial or
> slrnpull?

wvdial should not require root if your user is in group dip (wvdial may
also require 'dialout': pon does not).  I've never used slrnpull, but I'd
be surprised if it cannot be run as news.

> I'm generally under the impression that once logged on as root and
> on-line with the Internet, anyone can crack into my system. This has got
> to be wrong, right?

Right.  The cracker would rather you were not logged in at all.
-- 
John Hasler                This posting is in the public domain.
[EMAIL PROTECTED]          Do with it what you will.
Dancing Horse Hill         Make money from it if you can; I don't mind.
Elmwood, Wisconsin         Do not send email advertisements to this address.