On 15.08.2013 04:11, Richard Hector wrote:
By using su, with root's password, that means everyone who has root has full root and knows the same password, so that will have to be changed if they are to be blocked, which means communicating the new password to all the required users.

I apologize, but I think that this statement about everyone with root access having the same password is wrong. You can just create a root account for every person with root access, giving them the ID 0, and you will not need to communicate highly sensitive passwords.

Also, if we speak about high security or accounts (which is something I will probably never have to work with), I think that if one day I have to administer a server, I would try to rename root to something else. Why? Because everyone (OK, every potential attacker) knows the name of root, which means half the information needed to log in to it (yes, I know that root passwords should be safe, but there are 2 ways to protect something: putting it into a giant, unbreakable safe, or simply hiding it. Combining both always seems better to me). Of course, I'm sure that this would imply working around a few things on usual systems...

Well, I am not a sysadmin (and to be honest, most of my accounts are easy to steal, including the root password of my personal computers), so I might be wrong in some of my phrases. If so, please correct me.

My 2 cents.
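
An added example, not part of the original message: how the per-administrator UID 0 accounts described above appear in passwd-format data, and how an auditor can enumerate them. The account names `alice_root` and `bob_root` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in passwd(5) format; alice_root and bob_root are
# hypothetical per-administrator accounts that share UID 0 with root.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice_root:x:0:0:Alice (admin):/home/alice_root:/bin/bash
bob_root:x:0:0:Bob (admin):/home/bob_root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

# Print the names of all accounts with UID 0, one per line, in file order.
# Reads passwd-format data on stdin; skips comments and malformed lines.
uid0_accounts() {
    awk -F: '!/^#/ && NF == 7 && $3 ~ /^0+$/ { print $1 }'
}

# Print "uid: name1,name2,..." for every UID used by more than one account.
shared_uids() {
    awk -F: '
        !/^#/ && NF == 7 {
            count[$3]++
            names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1)
        }
        END { for (u in count) if (count[u] > 1) print u ": " names[u] }
    ' | sort -n
}

# Run against the constructed sample. On a live system, feed the functions
# with:  uid0_accounts < /etc/passwd   or   getent passwd | uid0_accounts
sample_passwd | uid0_accounts
sample_passwd | shared_uids
```

Each such account has its own entry and password, but all of them resolve to the same numeric UID, which is what the second function reports.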

