Another reason to prefer a real root over sudo

Chris G cl at isbd.net
Tue Feb 3 18:03:50 UTC 2009


On Tue, Feb 03, 2009 at 06:33:02PM +0100, Pierre Frenkiel wrote:
> On Mon, 2 Feb 2009, Chris G wrote:
> 
> >    Have a root account (in which case synaptic asks for the root
> >    password rather than the user's password).
>       for security. there is a better method:
>         use the passphrase authentication, or ssh-agent, to login as root, and put
>           PasswordAuthentication no
>        in sshd_config
>        That way, the only serious argument against the root account
>        ( known login name) is no more valid.
> 
All of this is irrelevant for nearly all real-world Ubuntu users
surely, the vast bulk (and most of those here) are running home
systems with one (or maybe two or three) users.  There is likely to be
a NAT router (or similar) which prevents any login/ssh access from
outside so the issue of an account whose name is known is irrelevant. 

If an intruder gets physical access to the machine then knowing there's
a root account makes no difference at all, the intruder can get at
everything without needing to know any names or passwords.

OK, for multi-user systems in an office or similar environment where
there *is* outside ssh/login access things are different but it isn't
necessary to make life more complicated for home users without any
gain is it?

-- 
Chris Green




More information about the ubuntu-users mailing list