Another reason to prefer a real root over sudo
Chris G
cl at isbd.net
Tue Feb 3 18:03:50 UTC 2009
On Tue, Feb 03, 2009 at 06:33:02PM +0100, Pierre Frenkiel wrote:
> On Mon, 2 Feb 2009, Chris G wrote:
>
> > Have a root account (in which case synaptic asks for the root
> > password rather than the user's password).
> for security. there is a better method:
> use the passphrase authentication, or ssh-agent, to login as root, and put
> PasswordAuthentication no
> in sshd_config
> That way, the only serious argument against the root account
> ( known login name) is no more valid.
>
All of this is irrelevant for nearly all real-world Ubuntu users
surely, the vast bulk (and most of those here) are running home
systems with one (or maybe two or three) users. There is likely to be
a NAT router (or similar) which prevents any login/ssh access from
outside so the issue of an account whose name is known is irrelevant.
If an intruder gets physical access to the machine then knowing there's
a root account makes no difference at all, the intruder can get at
everything without needing to know any names or passwords.
OK, for multi-user systems in an office or similar environment where
there *is* outside ssh/login access things are different but it isn't
necessary to make life more complicated for home users without any
gain is it?
--
Chris Green
More information about the ubuntu-users
mailing list