Re: Enabling telnet, ftp, pop3 for root...



Ertugrul Soeylemez wrote:

Short: The security depends on the authenticative security of the
initiating session, i.e. on the strength of the password for the
intermediate account in your case. Instead, use proper (e.g. key-based)
authentication mechanisms and log into root directly. If you still feel
more secure by logging into a normal account first, then at least use
better means of authentication than passwords for that account.


Depending on the environment -- No, I take that back -- in ANY environment, I'd rather see people using sudo.

sudo is not that hard to configure properly, and never gives up the root password. In addition, you can log what your people are doing and limit their root access to a whitelisted set of commands, so that they only have the access that they need to perform their duties.

sudo is an excellent tool that, IMHO, makes 'su' or 'su -' obsolete. You can't log anything if you just 'su -', or, 'sudo su -'. And corporate peoples like log files to read...

- Mike
.



Relevant Pages

  • Re: How to change admin user for GUI?
    ... Karl Auer wrote: ... When using sudo on the command line, he can use his own PW, as it should be. ... He logs in with his own username and his own PW on the standard login dialog ... I will need to do the administration on this computer, the first admin account ...
    (Ubuntu)
  • difference of opinion re: Sudo and security - 2 approaches
    ... the other is applications) regarding the best way to set up sudo. ... Solaris servers from a remote location normally They are ... I also have an in-house applications group (again a couple of people - with some ... back down to the relevant application account. ...
    (comp.security.unix)
  • Re: difference of opinion re: Sudo and security - 2 approaches
    ... > The web account SHOULD NOT be able to sudo to anything but a helper script ... I'd've expected the webadmin role account to be different from the webdata ... > I'm using su1 instead of sudo, mostly because it's easier to find, compile ...
    (comp.security.unix)
  • Which way is correct to implement sudo
    ... the other is applications) regarding the best way to set up sudo. ... Solaris servers from a remote location normally They are ... I also have an in-house applications group (again a couple of people - with some ... back down to the relevant application account. ...
    (comp.sys.sun.admin)
  • Re: Easy way/script to add another user like me?
    ... do to give a user sudo privileges is to add them to the admin group. ... I used my root account to add joker to the "admin group" via ...
    (Ubuntu)