Date: Wed, 29 Apr 1998 13:34:02 -0700 (PDT) From: Doug White <dwhite@gdi.uoregon.edu> To: Gary Schrock <root@eyelab.psy.msu.edu> Cc: Jan Koum <jkb@best.com>, freebsd-questions@FreeBSD.ORG Subject: Re: any way to make ssh logins log to messages? Message-ID: <Pine.BSF.3.96.980429132512.13074K-100000@gdi.uoregon.edu> In-Reply-To: <199804231912.PAA08936@eyelab.psy.msu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 23 Apr 1998, Gary Schrock wrote: > >P.S. -- Don't use root for eMails. :) > > Yeah, yeah, it's just too much of a pain to change it at this point :). > Although (and this really would belong on -security) I'd be interested in > hearing exactly why this would really cause any more problems than not > using root. I don't actually read the mail on the system, so I can't think > of any reason it would open things up to problems more. Mailing as root implies you log in as root. And as root, the system lets you do whatever you want even if you didn't mean it, like accidentally typing `rm -rf /' instead of `rm -rf .' Note that the . and the / key are next to each other :) In addition, it allows the distribution of root-exploit viruses & trojans and other nasty problems that Linux people typically have since they always run as root. If you want root mail to go to you then simply modify the root alias in /etc/aliases. The next question is usually how to allow remote root logins, which is disabled by default to keep people in Botswana from running passwd guessers against it. Lastly, it discourages my favorite security practice: Change the root password to something random, put it in an envelope and tape it to the CPU. Then install sudo and tell people to use that if they need admin access. With sudo you can control what programs people can execute, and see what they've been up to since it's logged. If you ever need the root password, it's there, but as of yet I've never needed to make use of it. Doug White | University of Oregon Internet: dwhite@resnet.uoregon.edu | Residence Networking Assistant http://gladstone.uoregon.edu/~dwhite | Computer Science Major To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980429132512.13074K-100000>