<div dir="ltr">Matt,<div><br></div><div>You do realize you can ssh in as any user (including root) if they don't have a password, all they need is a shell of some sort. I have all my systems PermitRootLogin without-password to prevent password logins as root -- keys only (and I use ed25519, none of the unsecure NIST crap -- see <a href="http://safecurves.cr.yp.to/index.html">http://safecurves.cr.yp.to/index.html</a>). </div><div><br></div><div>sudo serves a purpose. Just not much of one for me.</div><div><br></div><div>David-</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 4, 2016 at 11:54 AM, Matthew Carpenter via Linux-users <span dir="ltr"><<a href="mailto:linux-users@linux-sxs.org" target="_blank">linux-users@linux-sxs.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Actually, as a security professional, I've found it very helpful in many cases.<br>
First of all, the rest of the code is being written such that it has to support sudo or some gui-equiv (gui apps, X, etc). Being able to maintain a separation of root password from users with sudo access is also helpful. sudo allows me to provide some capabilities without granting root to anyone needing to do specialized things.<br>
btw, you can still use root. :) just set a password for root and ssh in. If you want a GUI for root, enable root as a GUI login identity. If you're in an environment large enough that more than just you need access to the root account, good luck. Accountability and logging are key.<br>
<br>
But that's my soap-box. I don't have a problem with sudo being the new root. I've found that not allowing root logins has been a significant value against attacks. Not that I can keep 0-days from pwning my machine, but I can make the cost of gaining root on them that much greater... and have more likelihood of identifying the compromise, if I'm looking.<br>
<br>
$0x02,<br>
Matt<br>
--<br>
<br>
<br>
On Thursday, February 04, 2016 12:39:44 PM Leon Goldstein via Linux-users wrote:<br>
> Wow! Great to hear from you again, David. BTW I still have my copy of<br>
> /Using Caldera Open Linux/ you coauthored.<br>
><br>
> Is it just me, or does anyone else find having to use sudo, instead of<br>
> logging in as root user, a PITA?<br>
><br>
><br>
> On 02/04/2016 12:29 PM, David A. Bandel via Linux-users wrote:<br>
> > /me waves<br>
> ><br>
> > Still lurking. $DAYJOB is running a university CS department servers<br>
> > and Linux workstations, and physics, math, civil engineering<br>
> > department servers as well -- never a dull moment. RHEL7, Ubuntu,<br>
> > Scientific Linux, Mint, more.<br>
> ><br>
> > David-<br>
> ><br>
> > On Mon, Feb 1, 2016 at 3:58 PM, John C. Voigt via Linux-users<br>
> > <<a href="mailto:linux-users@linux-sxs.org">linux-users@linux-sxs.org</a> <mailto:<a href="mailto:linux-users@linux-sxs.org">linux-users@linux-sxs.org</a>>> wrote:<br>
> ><br>
> > On 02/01/2016 03:13 AM, James McDonald via Linux-users wrote:<br>
> ><br>
> > > Hi All,<br>
> ><br>
> > <snip><br>
> ><br>
> > > Just kidding. I remember when I joined around '99 it was rather<br>
> > busy. Now<br>
> > > I'm not sure if we see a mail every 6 months.<br>
> ><br>
> > Been along for the ride since the Caldera days. The list, in it's<br>
> > various incarnations has always has been a good source for quality<br>
> > information from very knowledgeable people.<br>
> ><br>
> > > Anywho. Hi to all the lurkers!<br>
> ><br>
> > /me ;-)<br>
> ><br>
> > > PS. Running CentOS on web. Latest Fedora and Ubuntu in VMWare<br>
> > Fusion and a<br>
> > > MacBook Pro as my computing metal<br>
> ><br>
> > Opensuse here mostly, but checking out a few other distros from<br>
> > time to<br>
> > time. Don't like the systemd stuff much, but I guess it's what is now.<br>
> ><br>
> > > PPS. Discovered docker love it and hate it at the same time.<br>
> ><br>
> > Not delved there yet, looks interesting though.<br>
> ><br>
> > L8R,<br>
> ><br>
> > JV<br>
> > --<br>
> > _/- John Voigt - K9GBO - Registered Linux User #38558<br>
> > _/- System Administrator - Valley Technology<br>
> > _/- <a href="mailto:jcvoigt@gmail.com">jcvoigt@gmail.com</a> <mailto:<a href="mailto:jcvoigt@gmail.com">jcvoigt@gmail.com</a>> - Terre Haute, IN<br>
> ><br>
> > Experience varies directly with equipment ruined.<br>
> > _______________________________________________<br>
> > Linux-users mailing list<br>
> > <a href="mailto:Linux-users@linux-sxs.org">Linux-users@linux-sxs.org</a> <mailto:<a href="mailto:Linux-users@linux-sxs.org">Linux-users@linux-sxs.org</a>><br>
> > <a href="http://mailman.celestial.com/mailman/listinfo/linux-users" rel="noreferrer" target="_blank">http://mailman.celestial.com/mailman/listinfo/linux-users</a><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> > _______________________________________________<br>
> > Linux-users mailing list<br>
> > <a href="mailto:Linux-users@linux-sxs.org">Linux-users@linux-sxs.org</a><br>
> > <a href="http://mailman.celestial.com/mailman/listinfo/linux-users" rel="noreferrer" target="_blank">http://mailman.celestial.com/mailman/listinfo/linux-users</a><br>
><br>
<br>
><br>
_______________________________________________<br>
Linux-users mailing list<br>
<a href="mailto:Linux-users@linux-sxs.org">Linux-users@linux-sxs.org</a><br>
<a href="http://mailman.celestial.com/mailman/listinfo/linux-users" rel="noreferrer" target="_blank">http://mailman.celestial.com/mailman/listinfo/linux-users</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe. -- Albert Einstein<br>Visit my web page at: <a href="http://david.bandel.us/" target="_blank">http://david.bandel.us/</a></div>
</div>