multi-user solution

Jim Cheetham jim at egressive.com
Thu Apr 21 21:29:02 UTC 2005


On Wed, 2005-04-20 at 20:41 -0500, Jesse Haubrich wrote:
> I honestly can't figure why having a root account would be more
> secure.

There is one way in which having an active root account is less secure -
the case where you have an authenticated service exposed to the net,
like ssh. On my servers, I see constant door-knocking scripted attacks,
and they all try the username "root" (amongst others such as admin,
testuser, postgres, oracle, service, etc.).

If there is a root password, it's possible that one day they might guess
it. If there isn't one, then they can't :-)

(However, in ssh, you should set "PermitRootLogin No" and
"PasswordAuthentication No" to stop all this)

The side-benefit of not having root is that the new user doesn't have
to remember its password - after all, they probably didn't appreciate
what it was for in the first place, so why would they make a special
effort to remember it? This is also the decision reached by Apple for OS
X.

-jim
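
The two sshd settings recommended in the message above can be checked mechanically. The script below is an added example, not part of the original post; it assumes a single sshd_config file with no Include directives, and the function names and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for PermitRootLogin / PasswordAuthentication.
# sshd uses the FIRST value it reads for a keyword, keywords are case-insensitive,
# and settings inside a "Match" block are conditional, not global.

# effective_value FILE KEYWORD -> first global value (lowercased) or "unset"
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, "") }            # strip leading whitespace
        /^#/ || /^$/ { next }             # a commented-out line sets nothing
        {
            split($0, f, /[ \t=]+/)       # keyword and value, space or "=" separated
            key = tolower(f[1])
            if (key == "match") exit      # global section ends at the first Match
            if (key == want) { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print "unset" } # unset: the compiled-in default applies
    ' "$1"
}

# audit_sshd FILE -> one line per setting; returns 0 only if both are "no"
audit_sshd() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "OK    $kw $val"
        else
            echo "WEAK  $kw $val"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample config (not from a real host) showing the edge cases.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
permitrootlogin yes
#PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF
audit_sshd "$sample" || true
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration as sshd itself resolves it.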




