In <78582fa40905221202r3efedabege566a47c61144...@mail.gmail.com>, S Scharf wrote: >On Fri, May 22, 2009 at 2:38 PM, Mark Shroyer < >subscriber+deb...@markshroyer.com <subscriber%2bdeb...@markshroyer.com>>wrote: >> It *would* be safer to use neither su nor sudo, and only have root log >> in on a separate, secure console, thereby eliminating the possibility of >> password sniffing from a compromised regular account. However, few >> desktop Linux users actually run their computers this way. > >Actually on most systems I use, root login from the console is > dis-allowed, and the user >must become root after logging into their own account. This provides an >audit trail on who >logged in as root.
This is also true of my Linux configurations. I do not allow root logins via ssh and generally lock the root account so it can't be (directly) used from the terminal either. Debian's "single-user mode" is intelligent enough not to ask for the (locked) root password; I'm not sure about other Linuxes/BSDs. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
signature.asc
Description: This is a digitally signed message part.
