Re: Getting ready for CentOS 5.4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Les Mikesell wrote:

> 
> Errr, why is it easier to get an admin user's name and password than the 
> root password?

Because typically you only allow root login via console or an existing 
login.

You can brute force a user password (or sniff if the admin is lazy in 
how they connect - IE not using proper pass phrase, MITM attacks - 
possible with the SSH bug that Debian/Ubuntu had) etc. but normally the 
root account is disabled from remote login so it can't be remotely brute 
forced or sniffed.

What you normally do is give sudo access to the commands (or wrappers to 
the commands) that a particular sysadmin might need to use but you don't 
give them full root access, thereby limiting the damage that can be done 
should their password be compromised.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux