RE: Allowing remote root login seems to be bad. Why?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I think Ron is totally right, logging is very important, not in order to
know who to blame for in case of trouble but just in order to have
visibility on your system, Logs can be really verbose, no need to
concatenate that under only one user.

I wish to add something though. Sudo allows a non-privileged user to
substantially and temporary (not more than a command-line) take Root right,
sudo is also fully configurable to only allow this features for some
restricted things (restarting only apache and mysql deamon for example), if
operators have limited tasks and action field, no need for them to have full
access, this may only cause more damage.

Limiting Root access level in a multi managed environment is really
important if you don't wanna go mad.

Thanks.

-François

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Mario Platt
Sent: Monday, June 02, 2008 5:36 PM
To: Ron Arts
Cc: secureshell@xxxxxxxxxxxxxxxxx
Subject: Re: Allowing remote root login seems to be bad. Why?

Hey,

Well in my opinion, debian guys are right, and for one reason only: Logging.
If you login the machine with root, and everyone does it as well, you
will never know who is doing what. In the case of your machine being
only administered by yourself, and you have no sudo policies, it all
ends up being the same... mas in a multi admin environment, I think
it's an absolute must...

On Mon, Jun 2, 2008 at 9:29 AM, Ron Arts <ron@xxxxxxxxxxxxxx> wrote:
> Hi,
>
> today I found that different Linux distributions have various
> policies regarding allowing remote root access. For example,
> The Redhat/Fedora crowd seems to enable this on default installs,
> but the Debian/Ubuntu don't, they recommend sudo.
>
> I googled around but could not find why fedora allows it, and the
> debian people just seem to have one reason: 'allowing remote root
> access is bad, everybody knows that'.
>
> Suppose I ensure that root has a very strong password, then does
> it really matter either way?
>
> Thanks,
> Ron
>
>

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Index of Archives]     [Open SSH Unix Development]     [Fedora Users]     [Fedora Desktop]     [Yosemite Backpacking]     [KDE Users]     [Gnome Users]

  Powered by Linux