On Mon, 5 Jun 2006 09:44 am, david wrote: > On Mon, 2006-06-05 at 09:25 +1000, James Gray wrote: > > Yeh, I've had mixed success with that switch. Seems every sudo I use > > supports "-H -s" but only the Linux variants support "-i"...which sux > > when you divide your time between Solaris, the BSD's and Linux, then > > rsync the same .bashrc between all of them :P > > All of which doesn't quite answer my original question, which was > (restating it slightly): > > This is a server, only I access it, and everything I do on it is done as > root. I ssh [EMAIL PROTECTED], then su - > > So what is the advantage of su -i over simply activating the root > account?
It means that other people can't brute force the "root" account. Every *nix box has a "root" user, but who the hell knows what user account ID's are active? But at the end of the day, if you only have one user account, and ONLY you access the machine, and you have suitable restrictions on who has access to port 22 remotely (firewall, tcp warppers, key-based auth, whatever), then there's really nothing to be gained with sudo and essentially nothing to be lost with a "real" root user. Having said that though, the Ubuntu developers have gone to great lengths to patch a lot of tools so they work with the "no active root account" paradigm (especially on the GUI side of things) - activating root and doing things "old school" may break some of that functionality. So given that you gain/loose very little from a security point-of-view in your situation, but stand to (potentially) loose some of the Ubuntu niceness, why not just do things the "Ubuntu way"? Cheers, James -- Why do we have two eyes? To watch 3-D movies with.
pgpB3K2xC1w0G.pgp
Description: PGP signature
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
