From owner-freebsd-questions Thu Nov 1 23:18:43 2001 Delivered-To: freebsd-questions@freebsd.org Received: from atkielski.com (atkielski.com [161.58.232.69]) by hub.freebsd.org (Postfix) with ESMTP id 1AF5637B401 for ; Thu, 1 Nov 2001 23:18:39 -0800 (PST) Received: from contactdish (ASt-Lambert-101-2-1-14.abo.wanadoo.fr [193.251.59.14]) by atkielski.com (8.11.6) id fA27IEo59799; Fri, 2 Nov 2001 08:18:14 +0100 (CET) Message-ID: <007e01c1636e$97016d10$0a00000a@atkielski.com> From: "Anthony Atkielski" To: "Mike Meyer" Cc: "FreeBSD Questions" References: <15330.6606.417524.41024@guru.mired.org><002b01c1635f$5a5f4300$0a00000a@atkielski.com> <15330.14419.809266.281360@guru.mired.org> Subject: Re: Re[2]: Tiny starter configuration for FreeBSD Date: Fri, 2 Nov 2001 08:18:34 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 5 X-MSMail-Priority: Low X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Mike writes: > I typically don't allow root to login at all, > but I'm a bit paranoid. So am I, which is why this makes me uneasy. The machine is off the Net for the moment, but I want it secured before I put it thereon. I'd still like to be able to log in as root from my other machine on the LAN, however (and that's it, except for the system console, of course). > I haven't used it myself, but if you're running > -stable, try reading the login.access man page, > which provides exactly the facilities you > want. I tried it, and it seems to be exactly what I need. Now only my other machine can login as root. > I'd still recommend not allowing root to log > in remotely. If there weren't so many blasted things that have to be done as root, I'd agree. But almost everything affecting the system requires root, it seems. > The thing that pops immediately to mind is > the number of security rings. The implemented architecture already had eight rings; how many did they originally want? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message