RE: [tlug] Root - NO KDE

["James Cluff" <jc@example.com>]

Disabling Root login makes it so that logging in remotely or otherwise
requires loggin in with a user account first so two passwords need to be
compromised instead of one.  That is all, it doesn't imply security.

I had never heard of sudo until your e-mail, but I have to admit after some
reading, I really like it for when you need to give some root priveledges to
someone you don't trust with your entire machine.

Especially if multiple individuals need to run commands that normally would
only be run as root.  You can let them for example restart the web server
without changing the config file or typing "rm -rf /" and ruining your
weekend!

And as a trusted administrator it uses a timestamp to disable su priveldges
after a time in case you inadvertantly walk away from your machine say
during an earthquake after su ing to root.

Very nice, thanks for the tip!!

a new sudo user



-----Original Message-----
From: Josh Glover [mailto:jmglov@example.com]
Sent: Tuesday, June 25, 2002 12:32 PM
To: tlug@example.com
Subject: Re: [tlug] Root - NO KDE


James Cluff wrote:
>
> I select not even to be able to log in as root.  I have to log in as a
> normal user and then SU to root - if I need to do something as root.  When
I
> first started, I found it was easier to just loggin as root of course, but
I
> think disabling root loggin is a good practice.

Not using your system as root is a good practise. As Jonathon points
out, disabling local root login is of limited utility.

I would also point out that in most cases, using sudo is safer even than
su'ing. Having root prompts hanging around is pretty dangerous, as the
ttys can be hijacked or you can simply forget to lock your terminal,
etc. sudo, if you are not familiar with it, allows you to run arbitrary
commands as root (or any other user, depending on your config file).


--
Josh Glover <jmglov@example.com>

Associate Systems Administrator
INCOGEN, Inc.