Date: Fri, 26 Sep 2014 20:43:36 -0700 From: perryh@pluto.rain.com (Perry Hutchison) To: firmdog@gmail.com Cc: freebsd-questions@freebsd.org, kpneal@pobox.com, galtsev@kicp.uchicago.edu Subject: Re: pkg_delete bash, logged out by accident, can't ssh back in (not good) Message-ID: <54263268./Api5Tg7oKkx/Tvm%perryh@pluto.rain.com> In-Reply-To: <CAHcg-UFVFBdj9TsJQKveCA4dRxGBxQWb5aATXsS=FVCHg_DT_A@mail.gmail.com> References: <CAHcg-UGOAjobmTnWM9%2B5PiE23wXrDO8v31p5QCF07ar8aXEV8A@mail.gmail.com> <20140926210145.GA10084@neutralgood.org> <CAHcg-UFahAwG7%2BhgDiK-OLGqS_H0nKjeR4wozRHwauaUUFEsQA@mail.gmail.com> <50075.166.147.100.43.1411770059.squirrel@cosmo.uchicago.edu> <CAHcg-UFVFBdj9TsJQKveCA4dRxGBxQWb5aATXsS=FVCHg_DT_A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"firmdog@gmail.com" wrote: > Even if you are very experienced you can always screw up no matter > how old you are. :-) This is one example of why it is unwise to change the root user's shell to bash (or any shell from ports). That's what the toor user is for. If you use remote access for administration, it's wise to also have a non-root administrative user, with su privilege, with a base-system shell. That is safer than allowing root or toor to be accessed remotely, since an attacker must then guess the username, its password, and the root password in order to get root access.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54263268./Api5Tg7oKkx/Tvm%perryh>