Wojciech Puchar <woj...@wojtek.tensor.gdynia.pl> wrote: > Even 15 seconds of thinking is enough to understand that logging > to other user and then su - gives completely no extra security.
I don't buy this, given that root's login name is well known :) If a system accepts remote root logins, an attacker need only guess or intercept one thing -- the root password -- to log in with root privileges. If it does not accept remote root logins, that attacker must guess or intercept three things: the login name of a user in the wheel group, that user's password, and also the root password. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
