l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
April 21: Google Glass
Next Installfest:
TBD
Latest News:
Mar. 18: Google Glass at LUGOD's April meeting
Page last updated:
2002 Nov 17 07:05

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] SSH Login
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] SSH Login



> ---ORIGINAL MESSAGE--- 
> Date: Thu, 14 Nov 2002 10:48:14 -0800 (PST)
> From: Jeff Newmiller <jdnewmil@dcn.davis.ca.us>
> To: vox@lists.lugod.org
> Subject: Re: [vox] SSH Login
> Reply-To: vox@lists.lugod.org
> 
> In general, giving users root power is risky business. I find it hard to
> believe you need users to install and remove kernel modules for any
> reason other than kernel development, and they should be on their
> own box.  But if you must, there is a convention:
> 
>   Never log in as root... log in as a normal user and then use the
>   "su" command.
> 
> This allows you to examine the logs to track who used root approximately
> when.

I don't even use `su` to get a root shell. I use `sudo tcsh`. This has 
several advantages:

* It doesn't change my $HOME, (it changes $PATH, $USER, $LOGNAME and
adds a few SUDO_ variables) so my user configuration files are used for
any programs I run, for example the shells themselves. This way, I don't
make stupid errors as root that would result from being unfamiliar with
the configuration. (For example, not having my rm="rm -i" shell alias
could be a serious problem.)

* I know for sure what shell I'm using as root, because I asked for it
when I switched to root.

* I don't have to know my root password (although I do know it). If
another user had the same kind of root access, he wouldn't have to know
the root password either.

Sudo gives no less logging when used this way than su does. Just note
that giving sudo access to someone to use a shell is essentially the
same as giving them sudo access to do absolutely anything (even if
you've only given them permission in /etc/sudoers to use just a few 
programs)
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.