Firewalls and Virusscanners
Brian McKee
brian.mckee at gmail.com
Tue May 26 01:09:16 UTC 2009
On Mon, 2009-05-25 at 20:41 -0400, Darryl Moore wrote:
> These are interesting points.
>
> I give root a password on my network machines. They are all strong
> passwords, and every machine has a different root password, so that if
> one gets compromised it doesn't directly threaten the entire network.
> I know Ubuntu doesn't allow root login, and I presume the idea behind
> this is to simply provide a second unknown (the access user name) to
> a would be intruder. This really is no more secure than having a
> sufficiently strong password though.
No, that's not really the idea.
Sudo allows you to give equiv to root access to more than one person,
without them sharing a password, thus you can remove one without
affecting the other. It also keeps a log of all activities, and *who
did them* so you can find out which turkey actually made the mistake :-)
see https://help.ubuntu.com/community/RootSudo if you aren't familiar
with it. (even though it claims the same security thru obscurity user
name routine you mention)
Brian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-ca/attachments/20090525/287e8a52/attachment.pgp>
More information about the ubuntu-ca
mailing list