Re: Login as root is impossible

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Sep 11, 2008 at 11:31:37AM -0600, Jerry Williams wrote:
> This doesn't seem very user friendly to me.
> Windoz lets you login as Administrator.
> 
> And all of the Alt Ctrl keys aren't very friendly either.
> Seems like there should be a help button to tell you what they are.
> 
> I would think that root should be allowed to login and run only the things
> that a normal user can and has to enter the root password.

It might be valuable to think about this in terms of
a richer permission model enabled by SELinux and also
the complexity of xen virtual machines...

If one was designing a 'better' security model it
seems important to ponder the single root account 
being all powerful and a structure of a mix of functional
and level based permissions.

For years I have disabled root login via 
ssh and established a short list of su and sudo ers
to protect systems that I have the keys to.

IMO The single most important security policy is to disable root
login. SELinux policy is now at the point that I leave it on and
have begun to take advantage it for small thing exposed to the wild.

The number of compromised systems we read about is small but growing
in numbers and sophistication as the bad guys continue to look
for easy attacks to take advantage of.

As we just encountered even Red Hat can find itself dealing with a breach.


-- 
	T o m  M i t c h e l l 
	Got a great hat... now what.

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux