From owner-freebsd-security Wed Jul 26 6:28:16 2000 Delivered-To: freebsd-security@freebsd.org Received: from ixori.demon.nl (ixori.demon.nl [195.11.248.5]) by hub.freebsd.org (Postfix) with ESMTP id 421BF37BC5A for ; Wed, 26 Jul 2000 06:27:57 -0700 (PDT) (envelope-from bart@ixori.demon.nl) Received: from smtp-relay by ixori.demon.nl (8.9.3/8.9.2) with ESMTP id PAA27108; Wed, 26 Jul 2000 15:32:38 +0200 (CEST) (envelope-from bart@ixori.demon.nl) Received: from network (intranet) by smtp-relay (Bart's intranet smtp server) Date: Wed, 26 Jul 2000 15:32:24 +0200 (CEST) From: Bart van Leeuwen To: "Crist J. Clark" Cc: James Wyatt , Jean-Claude STAQUET , freebsd-security@freebsd.org Subject: Re: allow access of root user In-Reply-To: <20000725233208.A307@pool0460.cvx20-bradley.dialup.e> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Of course audit trails etc are much nicer when people su to root, and in general being better able to see whats going on is a good reason to use su. My comment is not that using su is pointless, but that the disallowing interacive root logons like the default configuration does is pointless because that same default configuration provides easy ways around it (for example with rsh, which is also enabled by default, and yes, I know that one should be turned off, just as you should disable 'secure' on console etc to prevent direct root logons there ;-) So, the reason why I think it is pointless is because it is only done for the first 10% or so and leaves the rest to the user... well, in that case the annoyance it causes is bigger then the trouble it saves imho. Bart van Leeuwen ----------------------------------------------------------- mailto:bart@ixori.demon.nl - http://www.ixori.demon.nl/ ----------------------------------------------------------- On Tue, 25 Jul 2000, Crist J. Clark wrote: > On Tue, Jul 25, 2000 at 04:41:03PM +0200, Bart van Leeuwen wrote: > > Uhm, telnetting in as a user and suing to root has exactly the same > > danger, your password goes over the net in plaintext. > > > > If you want to prevent that consider using ssh instead. > > Also note that when using rsh you prevent root from logging in for > > interactive access, but an rsh -l root will still > > work. > > > > To be honest, I never really saw the point of disallowing this except for > > the simple good habit of never using the root account at all, and only > > becomming superuser when you really really have to. > > Two words: Audit trail. > > Since so many academic and business machines have multiple > administrators, i.e. multiple people who own root, knowing _who_ is > actually root is vital for a number of reasons. Direct console logins > by root should be discouraged on such machines as well. (When I hear > about people leaving root logged in at a console with a GUI waiting to > be exploited. "But I locked the screensaver!" Ahhh!) > -- > Crist J. Clark cjclark@alum.mit.edu > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message