[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New 2.9 install questions...

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: New 2.9 install questions...
From: Steve Elkins <sgelkins_(_at_)_nortelnetworks_(_dot_)_com>
Date: 15 Feb 2002 16:06:59 -0500

Henning Brauer <lists-openbsd_(_at_)_bsws_(_dot_)_de> writes:

> On Fri, Feb 15, 2002 at 03:01:55PM -0500, Eric LeBlanc wrote:
> > > Don't log in as root. You should not do that anyway.
> > >  
> > Why?
> > Which difference between (in physical machine, not by telnet or ssh or
> > wathever)
> 
> [login as root ./. su'ing]
> 
> you should not do that either.
> If you need root access for a given task, get root access for _exactly this
> task_ via sudo.

And you can use syslog (see syslog.conf) to track *everything* done
via sudo.  Nowadays the first things I do after booting a fresh
install are:

1. create an ordinary user account,
2. give it sudo privileges, and
3. turn on syslog for sudo.

The trail of breadcrumbs is very nice, but never logging in as root
means forgetting the root password.  ;-)

References:
- Re: New 2.9 install questions...
  - From: Henning Brauer
- Re: New 2.9 install questions...
  - From: Eric LeBlanc
- Re: New 2.9 install questions...
  - From: Henning Brauer

Prev by Date: Re: pf and Asheron's Call next try.
Next by Date: Re: pf, nat, and routing
Previous by thread: Re: New 2.9 install questions...
Next by thread: Re: New 2.9 install questions...
Index(es):
- Date
- Thread

Visit your host, monkey.org