Login as root is impossible
Nifty Fedora Mitch
niftyfedora at niftyegg.com
Thu Sep 11 21:57:41 UTC 2008
On Thu, Sep 11, 2008 at 11:31:37AM -0600, Jerry Williams wrote:
> This doesn't seem very user friendly to me.
> Windoz lets you login as Administrator.
>
> And all of the Alt Ctrl keys aren't very friendly either.
> Seems like there should be a help button to tell you what they are.
>
> I would think that root should be allowed to login and run only the things
> that a normal user can and has to enter the root password.
It might be valuable to think about this in terms of
a richer permission model enabled by SELinux and also
the complexity of xen virtual machines...
If one was designing a 'better' security model it
seems important to ponder the single root account
being all powerful and a structure of a mix of functional
and level based permissions.
For years I have disabled root login via
ssh and established a short list of su and sudo ers
to protect systems that I have the keys to.
IMO The single most important security policy is to disable root
login. SELinux policy is now at the point that I leave it on and
have begun to take advantage it for small thing exposed to the wild.
The number of compromised systems we read about is small but growing
in numbers and sophistication as the bad guys continue to look
for easy attacks to take advantage of.
As we just encountered even Red Hat can find itself dealing with a breach.
--
T o m M i t c h e l l
Got a great hat... now what.
More information about the fedora-test-list
mailing list