On Jun 2, 2008, at 8:35 AM, Mario Platt wrote:
On Mon, Jun 2, 2008 at 9:29 AM, Ron Arts <ron@xxxxxxxxxxxxxx> wrote:
Hi,
today I found that different Linux distributions have various
policies regarding allowing remote root access. For example,
The Redhat/Fedora crowd seems to enable this on default installs,
but the Debian/Ubuntu don't, they recommend sudo.
I googled around but could not find why fedora allows it, and the
debian people just seem to have one reason: 'allowing remote root
access is bad, everybody knows that'.
Suppose I ensure that root has a very strong password, then does
it really matter either way?
Hey,
Well in my opinion, debian guys are right, and for one reason only:
Logging.
Access control with sudo is also many times more granular. "root" can
do anything, but sudo can grant root-like permissions for certain
activities to certain people. You might allow apache administration,
the ability to add users, the ability to run "apt-get upgrade" etc.
without giving someone access to replace system binaries, for example.
However, that's all an argument for using sudo instead of the root
account overall.
The reason for disallowing remote root is that it raises the bar for
compromising your machine. If someone were to gain access to your
very strong root password somehow, then owning your machine is a
simple login away. However, if remote root were disabled, that
nefarious person would first have to break into a user account and
then proceed to break the root account (via su/sudo or a local exploit).
Not only does this double the amount of work required, but it also
gives you a window of opportunity to shut them down before they
actually gain full access.
-b
