From owner-freebsd-questions Wed Nov 7 16:34:48 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5]) by hub.freebsd.org (Postfix) with ESMTP id 6FF5537B417 for ; Wed, 7 Nov 2001 16:34:43 -0800 (PST) Received: from hades.hell.gr (patr530-a214.otenet.gr [212.205.215.214]) by mailsrv.otenet.gr (8.11.5/8.11.5) with ESMTP id fA80Yc003349; Thu, 8 Nov 2001 02:34:38 +0200 (EET) Received: (from charon@localhost) by hades.hell.gr (8.11.6/8.11.6) id fA80Fb880251; Thu, 8 Nov 2001 02:15:37 +0200 (EET) (envelope-from charon@labs.gr) Date: Thu, 8 Nov 2001 02:15:37 +0200 From: Giorgos Keramidas To: Anthony Atkielski Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Re[2]: Tiny starter configuration for FreeBSD Message-ID: <20011108021537.E79276@hades.hell.gr> References: <15330.6606.417524.41024@guru.mired.org><002b01c1635f$5a5f4300$0a00000a@atkielski.com> <15330.14419.809266.281360@guru.mired.org> <007e01c1636e$97016d10$0a00000a@atkielski.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <007e01c1636e$97016d10$0a00000a@atkielski.com> User-Agent: Mutt/1.3.22.1i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Nov 02, 2001 at 08:18:34AM +0100, Anthony Atkielski wrote: > Mike writes: > > I typically don't allow root to login at all, > > but I'm a bit paranoid. > > So am I, which is why this makes me uneasy. The machine is off the Net for the > moment, but I want it secured before I put it thereon. I'd still like to be > able to log in as root from my other machine on the LAN, however (and that's it, > except for the system console, of course). Don't allow root to login over the wire. At least not if some form of encryption is not involved. I let people login as normal users on my workstation from places like New Zealand, Australia or Canada, to browse the configuration files looking for hints to set up their FreeBSD boxes, but only one user is in the `wheel' group (and is allowed to use su(1) to become root) and that is my own personal user account. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message