Can anyone think of a reason not to allow local root logins at a console? This is assuming that physical access to the console and the server is only available to designated system admins. I mean, is there a reason that a company would have this as a policy?
Yes, if direct login as root at the console is prohibited, then each of the "designated system admins" has to log in first as himself, then su to root, even at the console. This creates an audit trail, the sulog, that documents who was acting as root at that time. This is necessary at some sites for security policy reasons.
> Can anyone think of a reason not to allow local root logins at a console? This is assuming that physical access to the console and the server is only available to designated system admins.
> I mean, is there a reason that a company would have this as a policy?

I can think of a couple of reasons. I would make anyone sign in with their own account, then su to root. Since it sounds like you have several system admins, this will make tracking who is using the root account easier, because the su command logs the username of the person who runs it, and timestamps when it was run.

This will enhance your overall system security, because people will need to know two passwords to gain superuser access to your system, and it allows you to see which system admin was using the superuser account. This will put a quick stop to any arguments as to which admin created the dreaded "finger flick", should any occur.

You can also set up syslog to log to a remote machine, so if superuser is breached, they can't cover their tracks by deleting the log.
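Added example, not part of any post in this thread: a small Python parser showing how the sulog audit trail mentioned in the replies attributes root access to individual admins. It assumes the System V style sulog layout (`SU MM/DD HH:MM +|- tty from-to`); the sample lines, usernames and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed sulog layout:
#   SU <MM/DD> <HH:MM> <+|-> <tty> <from_user>-<to_user>
SAMPLE_SULOG = """\
SU 03/14 09:02 + console alice-root
SU 03/14 09:40 - pts/2 bob-root
SU 03/14 09:41 - pts/2 bob-root
SU 03/14 09:43 + pts/2 bob-root
SU 03/14 11:15 + pts/4 carol-oracle
SU 03/15 02:17 - pts/7 dave-root
garbled line that should be skipped
"""

# The greedy source group splits on the last hyphen, so a hyphenated
# source username still parses; the target is assumed to have no hyphen.
ENTRY = re.compile(
    r"^SU\s+(\d{2}/\d{2})\s+(\d{2}:\d{2})\s+([+-])\s+(\S+)\s+(\S+)-([^-\s]+)$"
)

def parse_sulog(text):
    """Return (entries, skipped); skipped counts lines that do not parse."""
    entries, skipped = [], 0
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = ENTRY.match(line)
        if m is None:
            skipped += 1
            continue
        date, time, result, tty, src, dst = m.groups()
        entries.append({"date": date, "time": time, "ok": result == "+",
                        "tty": tty, "src": src, "dst": dst})
    return entries, skipped

def root_audit(entries):
    """Per-account summary of su attempts whose target is root."""
    audit = defaultdict(lambda: {"granted": [], "failed": 0})
    for e in entries:
        if e["dst"] != "root":
            continue
        if e["ok"]:
            audit[e["src"]]["granted"].append((e["date"], e["time"], e["tty"]))
        else:
            audit[e["src"]]["failed"] += 1
    return dict(audit)

def never_granted(audit):
    """Accounts that tried to become root and never succeeded."""
    return sorted(user for user, a in audit.items() if not a["granted"])
```

Run against a copy of the log kept on the remote log host, the same summary still holds if the local file is altered.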