[NTLUG:Discuss] DistroWatch 10 Most Popular Linux Distros
Chris Cox
cjcox at acm.org
Fri Apr 3 14:57:08 CDT 2009
On Fri, 2009-04-03 at 14:30 -0500, Kenneth Loafman wrote:
...
>
> If you don't give them any rights, they'll just sign on as root and stay
> there and we know that's bad. So, where's a good middle ground?
I don't know if there is a middle ground. You don't want
anonymous logins... root is usually an account that becomes
anonymous (that is, more than one person might use it).
Thus you want people to come in as their private (non-shared)
user id and then become root (sudo) in some kind of controlled
fashion.. or better, just run the programs they need as root (again,
use sudo for example).
The latter is important, in Ubuntu it's pretty easy to
just do "sudo bash" and well... that pretty much messes
things up, now doesn't it?
So my "middle" ground (which is NOT in the middle) would be
to restrict logins/shell access to individual private users
only and then restrict the execution of specific programs
to specific people for root auth (be careful NOT to give them
access to a program from which they can shell-out for
example).
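
Added example (not part of the original post): a small Python check over a simplified sudoers policy that flags the grants the reply warns about, namely unrestricted ALL, a direct root shell, and programs a user can shell out of. The program lists, user names and sample policy are assumptions constructed for illustration; aliases and includes are not handled.

```python
import os
import re

# Illustrative lists chosen for this example; extend them for your systems.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}
CAN_SHELL_OUT = {"vi", "vim", "less", "more", "man"}
SKIP = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")

# user host = (runas) [TAG:] cmd, cmd   (simplified; aliases are not expanded)
SPEC = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAGS = re.compile(r"^((?:[A-Z_]+:\s*)+)")

def audit(sudoers_text):
    """Return (who, command, reason) for each risky grant."""
    findings = []
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments (simplification)
        m = SPEC.match(line)
        if not m or line.startswith(SKIP):
            continue
        who, noexec = m.group(1), False
        for cmd in (c.strip() for c in m.group(2).split(",")):
            t = TAGS.match(cmd)
            if t:   # tags are sticky: they also apply to later commands
                names = re.findall(r"[A-Z_]+", t.group(1))
                noexec = "NOEXEC" in names or (noexec and "EXEC" not in names)
                cmd = cmd[t.end():]
            prog = os.path.basename((cmd.split() or [""])[0])
            if cmd == "ALL":
                findings.append((who, cmd, "any command, so a root shell too"))
            elif prog in SHELLS:
                findings.append((who, cmd, "root shell"))
            # NOEXEC only helps for dynamically linked programs.
            elif prog in CAN_SHELL_OUT and not noexec:
                findings.append((who, cmd, "can shell out; add NOEXEC or drop"))
    return findings

# Constructed sample policy, not taken from any real system.
SAMPLE = """\
alice ALL=(ALL) ALL
bob   ALL=(root) /bin/bash
carol ALL=(root) /usr/bin/systemctl restart nginx, /usr/bin/less /var/log/syslog
dave  ALL=(root) NOEXEC: /usr/bin/less /var/log/syslog
"""

if __name__ == "__main__":
    for who, cmd, reason in audit(SAMPLE):
        print(f"{who}: {cmd} -> {reason}")
```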