[ale] Linux Distributions
Michael B. Trausch
fd0man at gmail.com
Wed May 18 03:20:50 EDT 2005
Jim Popovitch wrote:
> On Tue, 2005-05-17 at 21:43 -0400, Michael B. Trausch wrote:
>
>>The point is that if you're running as root, you're effectively making
>>it that much easier to replace binaries. That's the point. That's the
>>security-smart reasoning behind it. You're then bypassing any sort of
>>protection that is there to help you as an SA keep it intact and reduce
>>your workload later. init, runs getty, and it's own scripts, protect
>>them, and you're more secure then just running as root.
>
> If that is it, and only it, then it is a weak reason to require a second
> priviledged user account just to protect binaries. Mount things ro, or
> chattr, (something like MS System Restore), etc., but a second
> credentialed account (root) seems like a more vulnerable solution and
> one with a false sense of security.
>
I believe that a system should only have one SA.
And then the ability to delegate permissions on an "as-needed" basis.
Give people more then what they absolutely need, and yes, you've created
an unnecessary security risk.
--
Michael B. Trausch <fd0man at gmail.com>
Website: http://fd0man.chadeux.net/ Jabber: mtrausch at jabber.com
Phone: +1-(678)-522-7934 FAX (US Only): 1-866-806-4647
===================================================================
Do you have PGP or GPG? Key at pgp.mit.edu, Please Encrypt E-Mail!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
More information about the Ale
mailing list