Actually, how a cracker will typically try to get in is by exploiting security holes in deamons that listen to network ports. These programs USUALLY run as root. Logging in as root presents little-to-no additional risk. If your system security is weak, logging-in as root wont cause much additional risk. If it's strong, you generally worry.
That said, if you are going to bring your machine on-line, it would be worth your while to chech into the debia site every few days to check for security advisories. You also want to read the security howto, the ipchains howto, and look into tripwire. The real reason use of the root account is discuraged is that one poorly typed command can really screw up your system. For example, try this: ls a* now try: ls a * one misplaced space makes a world of difference. Glad that wasn't "rm" instead of "ls"? Bryan On 19-Oct-99 David J. Kanter wrote: > From what I've read, I'm relatively pertrified to use my root account unless > absolutely necessary, like configuring X or setting up my MTA. (There are > only two users here, me and root.) > > But since some commands require root access, and it's a pain to su root all > the time, how secure is it to run sudo on something like wvdial or slrnpull? > > I'm generally under the impression that once logged on as root and on-line > with the Internet, anyone can crack into my system. This has got to be > wrong, right? > > Thanks. > -- > David J. Kanter > [EMAIL PROTECTED] > Debian 2.1 >
