theoretical question - can root's username be changed?
Mike McCarty
mike.mccarty at sbcglobal.net
Fri Dec 2 19:22:56 UTC 2005
Scot L. Harris wrote:
> On Fri, 2005-12-02 at 00:17, Mike McCarty wrote:
>
>>John Summerfied wrote:
>>
>>>Mike McCarty wrote:
>>>
[snip]
>>>The windows model is, to my mind better; where it falls down is the
>>>implementation.
>>
>>The Windows NT (and hence XP) model is superior, yes.
>>
>
>
> Is it? Best practice is to use the least privilege possible to get the
> job done. By creating users that log in with super user privileges you
> break that best practice. You still need a user that can admin the
> box. But individual users under Linux or any Unix-like OS can be
> granted all or some of root's capabilities via sudo or similar
> utilities. Users should not be encouraged to log in directly as root to
> prevent several of the problems you listed above. By logging in as a
> normal user and then using su or sudo an audit trail is left so things
> can be tracked down if needed and traced to a particular user's account.
> Logging in directly as root leaves it open as to which user did
> something on the system.
Nothing you said disagrees with what I wrote.
> Windows suffers because by default most users have admin or super user
> capabilities. This in turn becomes the conduit that so many of the
> viruses use to gain complete control of the system.
Eh? Not on any machine I administer, they don't.
> If they used the least privilege rule viruses would not be as easy to
> spread since they would not run with super user like privileges in most
> cases.
>
> Both systems can be run securely by using best practices. Unfortunately
> most Windows systems by default do not use such practices. And many new
> Linux users use root as their day to day login instead of setting up a
> normal user. In the long run that will come back to bite them.
ANY security system can be abused.
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
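
The audit-trail point raised in the quoted text, as an added example that is not part of the original message: a parser over syslog lines in sudo's standard log format that attributes each root command to the invoking account, and shows that a direct root login carries no such attribution. The host name, user names, address and log lines are constructed sample values.

```python
import re
from collections import defaultdict

# Constructed sample lines (traditional syslog format); not from the thread.
SAMPLE_LOG = """\
Dec  2 18:01:12 box sudo:     scot : TTY=pts/0 ; PWD=/home/scot ; USER=root ; COMMAND=/usr/sbin/useradd alice
Dec  2 18:03:40 box sudo:     mike : TTY=pts/1 ; PWD=/etc ; USER=root ; COMMAND=/bin/vi /etc/fstab
Dec  2 18:05:02 box sudo:     john : command not allowed ; TTY=pts/2 ; PWD=/home/john ; USER=root ; COMMAND=/bin/sh
Dec  2 18:09:55 box sshd[2211]: Accepted password for root from 192.0.2.10 port 51514 ssh2
Dec  2 18:11:30 box sudo:     scot : TTY=pts/0 ; PWD=/home/scot ; USER=root ; COMMAND=/sbin/service httpd restart
"""

# sudo logs "<invoking user> : [error ; ]TTY=... ; PWD=... ; USER=<target> ; COMMAND=..."
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<error>[^;=]+?) ; )?TTY=(?P<tty>\S+) ; "
    r"PWD=(?P<pwd>.*?) ; USER=(?P<runas>\S+) ; COMMAND=(?P<command>.*)$"
)
# A direct root login over SSH: the only identity recorded is "root".
ROOT_LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for root from (?P<src>\S+)")


def audit(log_text):
    """Return (root commands per invoking user, denied attempts, direct root logins)."""
    ran = defaultdict(list)
    denied = []
    direct_root = []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if m:
            if m.group("error"):          # e.g. "command not allowed"
                denied.append((m.group("user"), m.group("command")))
            elif m.group("runas") == "root":
                ran[m.group("user")].append(m.group("command"))
            continue
        m = ROOT_LOGIN_RE.search(line)
        if m:
            direct_root.append(m.group("src"))
    return dict(ran), denied, direct_root


if __name__ == "__main__":
    ran, denied, direct_root = audit(SAMPLE_LOG)
    for user, commands in ran.items():
        print(f"{user} ran as root: {commands}")
    for user, command in denied:
        print(f"DENIED {user}: {command}")
    for src in direct_root:
        print(f"direct root login from {src}: no user account to attribute")
```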