 |
 |
Archives of the TeradataForum
Message Posted: Mon, 21 Oct 2002 @ 17:47:08 GMT
| Subj: | | Re: Root logon from NON CONSOLE Terminals |
| |
| From: | | Charles Farley |
Anomy Anom wrote:
| | Has anyone else UNCOMMENTED the line in /etc/default/login (below this line) to prevent people logging in directly as root?? | |
Yes, I've used this on a number of systems, it's nice, but if you are running any scripts remotely as root (another no-no), they
may not be able to run. You can still log in as any id and "su -" to root (or just "su"), this will work just as nicely. There is also
some usefulness in the bsd function of a "wheel" group on the system. This is a group that allows it's members some sysadmin functions on
the system.
Back to the question, I've used this and liked it in a number of situations, but it can hinder some people's ideas of what they should or
should not be able to do (I will point to the example of a professor at school that liked to login as root whenever he had an account on a
box because "everything just works then..." Bad rationale as to why he needed root, and why he should login as root, but it was what he
believed.
IMHO, there shouldn't be any reason for root to need to remotely login, whatever needs to be done, should be able to get done as a user
su-ing to root from a user login session. However, it would be good to test (if possible) against your crontab file and any system checks
you may have running that may or may not need to have remote root availability.
Hope this helps some,
loadc
| |
