On 01/22/07 04:07, Dave Ewart wrote:
> On Sunday, 21.01.2007 at 22:03 -0500, Jim Hyslop wrote:
> [snip]
> The above example flies in the face of the usual advice, but that's
> because the circumstances are different and possibly rather extreme. I
> don't really need accountability, because I'm the only one with access.
> "Adding a non-privileged user and using sudo" would actually provide
> less security, because it is adding an additional
> potentially-compromisable account to the server.
>
> However, if the above server was to be maintained by more than one
> sysadmin, I'd probably disable root access entirely and insist on 'sudo'
> for accountability. Further, if there were 'real users' on the system,
> i.e. users who only ever did non-root work, I'd again probably avoid the
> root-only approach.
>
> Be careful when recommending the above setup, because I believe it's
> only appropriate in very limited circumstances.

I understand your thinking and rationale. The first thing that pops into my mind, though, is, "What happens if you get hit by a bus?"