[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: How to patch a physically weak system & recommended use of su do?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: How to patch a physically weak system & recommended use of su do?
- From: "Spruell, Darren-Perot" <Darren_(_dot_)_Spruell_(_at_)_chw_(_dot_)_edu>
- Date: Thu, 18 Aug 2005 09:40:42 -0700
From: Scott Plumlee [mailto:openbsd_misc_(_at_)_plumlee_(_dot_)_org]
> > Took me a while to get interested in sudo, which is
> unfortunate. Way
> > cool program.
> > When I set up an OpenBSD system, one of the first things I
> do is create
> > a personal user for myself, put myself in the wheel group, configure
> > sudo to let wheel users do anything, log in as that user,
> and disable
> > root logins. Completely disable. This does a few things...
> Is your preferred method for doing so to remove the root user, or set
> the shell to nologin, or something else? I like the idea, but I'd
> rather not shoot myself in the foot doing it.
Bad idea to disable root's console login capabilities - you do need to run
system maintenence from time to time. Pick a secure password and secure the
physical access to the machine, but don't lose root's ability to log in.
The suggestion is probably in reference to disabling root logins from sshd.
Then you're forced into logging in remotely as a non-root user, at which
point you can use sudo to run commands as root post authentication.