Not logged in
Log in now
Create an account
Subscribe to LWN
Pencil, Pencil, and Pencil
Dividing the Linux desktop
LWN.net Weekly Edition for June 13, 2013
A report from pgCon 2013
Little things that matter in language design
Use sudo, with user's password. Make the basket of users who have access to sudo be
very small, and watch it closely.
Being able to get direct access to a root shell from the internet is just crazy.
Posted Feb 15, 2007 20:22 UTC (Thu) by tetromino (subscriber, #33846)
Posted Feb 15, 2007 21:21 UTC (Thu) by rfunk (subscriber, #4054)
Posted Feb 16, 2007 0:25 UTC (Fri) by dd9jn (subscriber, #4459)
FWIW, I was talking about public key authentication for root access. This also means that revoking access is as simple as deleting one line from authorized_keys.
Where do you see the problem? I agree that logging of access is not as it should be but it is still available and come one, having root access does on most systems mean you have all the power to manipulate the logs. So why care.
Posted Feb 19, 2007 15:54 UTC (Mon) by hein.zelle (guest, #33324)
One reason I care is that it's easy to accidently turn password authentication back on. On many debian systems I've seen, the option UsePAM (on by default) effectively allows password authentication, even when PasswordAuthentication is off. This is not the case on the latest ubuntu, but dangerous nevertheless. I'd rather have an ssh login as a regular user, and then become root using su.
What is the reasoning behind not using su to become root? I understand the password will go over the line, but it's encrypted. Is this advised against for fear of keyloggers or so?
Posted Feb 16, 2007 2:27 UTC (Fri) by smoogen (subscriber, #97)
In the case of small teams.. you may not feel that you need this, but it comes in handy if the business grows... you find yourself with 12-20 people with the root password.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds