tlug.jp Mailing List Archive
[tlug] on root logins (1)
- Date: Wed, 28 Dec 2005 14:34:14 +0900
- From: "Stephen J. Turnbull" <stephen@example.com>
- Subject: [tlug] on root logins (1)
- References: <ea4e853e0512241908t260aeadbv4115aaf74a358e64@example.com><7e92f16c0512251739l70e892f3g9365fedb05c8ce47@example.com><43AF4E5B.2020505@example.com> <43AF5A91.6000104@example.com><43AF5E0E.8060009@example.com><7e92f16c0512252137x25dd0289w6f42374172e65685@example.com><43AFAED3.9080809@example.com><87fyofyhv2.fsf@example.com>
- Organization: The XEmacs Project
- User-agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.5-b24 (dandelion, linux)
Jim Jepson requests that I clarify the seeming oxymoron "anonymous root login".

>>>>> "sjt" == Stephen J Turnbull <stephen@example.com> writes:

    sjt> In cases where "security" has the semantics of "identify all
    sjt> users" [setting the root password is] simply wrong, since it
    sjt> permits anonymous root logins.

There are two kinds of identity here, the account (user id) and the user (human). In most cases on personal workstations, root is an alias for the usual user. However, in an organizational context, typically root is a shared account, used by several members of an administrator team. Thus, if "root" does something, you can only pin it down to one of several persons, and in that sense it's anonymous. If the "something" is mischievous or destructive, everybody has plausible deniability (including for inadvertent leaks of the password), and everyone has somewhere between a little and a lot of incentive to hide behind that, depending on how punitive the organization (or external authorities like the police) are minded to be.

Programs like su and sudo[1], although they work very differently, log the real uid of the user who is exercising root privileges. Sometimes to syslog or messages, sometimes to auth.log or something like that. You might think that this doesn't matter---root can change the logs, no?---but in fact in a high-security environment (copies of) the logs will be written to write-only media on a different host.

Thus, in a team environment, accountability suggests that each member should authenticate as themselves to a personal account, and access authorized privileges from that account via su/sudo rather than a shared account such as root. Note that even if you su to a shell, it may be possible to trace which instance of the root user executed various programs, but it's probably hard to do so. Thus sudo provides the most accountability.

Footnotes:
[1] The super(1) man page doesn't mention logging, and the program itself allows all kinds of dangerous practices. I don't think I can recommend that one.

-- 
School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Ask not how you can "do" free software business; ask what your business can "do for" free software.
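The accountability argument above comes down to what the auth log can and cannot attribute to a human. The following is an added example, not part of the original post: a small parser that reads constructed auth.log lines in the formats stock sudo and pam_unix emit, attributes each root action to the real user where the log records one, and flags the "anonymous" case the post describes (a direct login as root, where no real uid is ever recorded). Hostnames, user names and commands in the sample are made up; the pattern names and helper functions are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of an auth.log (not from the original post).  The sudo
# line shape ("user : TTY=... ; PWD=... ; USER=... ; COMMAND=...") and the
# pam_unix session line are what stock sudo and PAM write; names are invented.
SAMPLE_AUTH_LOG = """\
Dec 28 14:30:01 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/useradd bob
Dec 28 14:31:12 host1 sudo:    mallory : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/mallory ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 28 14:32:40 host1 su[2211]: pam_unix(su:session): session opened for user root by carol(uid=1001)
Dec 28 14:33:05 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/rm -rf /var/log/old
Dec 28 14:34:14 host1 sshd[2300]: Accepted password for root from 10.0.0.5 port 51022 ssh2
Dec 28 14:35:00 host1 su[2211]: pam_unix(su:session): session closed for user root
"""

_TS = r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
SUDO_RE = re.compile(_TS + r"sudo:\s+(?P<user>\S+) : (?P<body>.*)$")
SU_RE = re.compile(
    _TS + r"su\[\d+\]: pam_unix\(su:session\): session opened for user "
    r"(?P<target>\S+) by (?P<user>[^(]+)\(uid=(?P<uid>\d+)\)$"
)
# A direct root login: the only identity the log has is "root" itself.
SSHD_ROOT_RE = re.compile(_TS + r"sshd\[\d+\]: Accepted \S+ for root from (?P<src>\S+) port \d+")


@dataclass
class RootEvent:
    ts: str
    host: str
    mechanism: str            # "sudo", "sudo-denied", "su", "direct-root-login"
    real_user: Optional[str]  # None when the log cannot name a human
    target: str
    command: Optional[str]    # sudo logs the command; su only logs the session


def _parse_sudo_body(body: str):
    """Split a sudo log body into key=value fields plus an optional denial reason."""
    # COMMAND is always the last field and may itself contain " ; ".
    head, sep, command = body.partition(" ; COMMAND=")
    fields: Dict[str, str] = {}
    reason = None
    for part in head.split(" ; "):
        if "=" in part:
            key, _, value = part.partition("=")
            fields[key] = value
        else:
            reason = part  # e.g. "user NOT in sudoers"
    return fields, reason, (command if sep else None)


def parse_auth_log(text: str) -> List[RootEvent]:
    """Turn auth.log lines into attributable root events; unrelated lines are skipped."""
    events: List[RootEvent] = []
    for line in text.splitlines():
        if m := SUDO_RE.match(line):
            fields, reason, command = _parse_sudo_body(m["body"])
            events.append(RootEvent(m["ts"], m["host"],
                                    "sudo-denied" if reason else "sudo",
                                    m["user"], fields.get("USER", "root"), command))
        elif m := SU_RE.match(line):
            # su records who opened the session, but not what they ran inside it.
            events.append(RootEvent(m["ts"], m["host"], "su", m["user"], m["target"], None))
        elif m := SSHD_ROOT_RE.match(line):
            events.append(RootEvent(m["ts"], m["host"], "direct-root-login", None, "root", None))
    return events


def anonymous_root_events(events: List[RootEvent]) -> List[RootEvent]:
    """Root activity the log can tie to an account but not to a person."""
    return [e for e in events if e.real_user is None]


def per_user_summary(events: List[RootEvent]) -> Dict[str, int]:
    """How many attributable root actions (or sessions) each real user accounts for."""
    summary: Dict[str, int] = {}
    for e in events:
        if e.real_user is not None:
            summary[e.real_user] = summary.get(e.real_user, 0) + 1
    return summary


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_AUTH_LOG)
    for e in evs:
        who = e.real_user or "<unknown human>"
        print(f"{e.ts} {e.mechanism:18} {who:10} -> {e.target}: {e.command or '(session only)'}")
    print("anonymous root events:", len(anonymous_root_events(evs)))
```

Run against the sample, the two sudo lines for alice are attributed to her command by command, carol's su shows up as a session with no command detail (the "hard to trace" case in the post), mallory's denied attempt is still recorded against her name, and the ssh login as root is the one event no human can be held to. In a real deployment the same parser would be pointed at the copy of the log shipped to a separate log host, since on the original machine root can edit the file.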
- Follow-Ups:
- Re: [tlug] on root logins (1)
- From: Stoyan Zhekov
- References:
- [tlug] Kubuntu v5.10
- From: Lyle H Saxon
- Re: [tlug] Kubuntu v5.10
- From: Stoyan Zhekov
- Re: [tlug] Kubuntu v5.10
- From: Robert C Balfour
- Re: [tlug] Kubuntu v5.10
- From: Ramil Sagum
- Re: [tlug] Kubuntu v5.10
- From: Robert C Balfour
- Re: [tlug] Kubuntu v5.10
- From: Stoyan Zhekov
- Re: [tlug] Kubuntu v5.10
- From: Robert C Balfour
- Re: [tlug] Kubuntu v5.10
- From: Stephen J. Turnbull