
Re: [cobalt-users] FTP Login as Root



At 01:27 AM 1/4/00  Fathi Said wrote:
> Would you not just give user admin the same root level of privileges in
> your password file?
> ie: uid 0

Interesting!
Where would I have to add this line?

You don't add a line, you change a line in /etc/passwd.

My /etc/passwd entry for root is:

  root:x:0:0:Root:/root:/bin/sh

My /etc/passwd entry for admin is:

  admin:x:110:100:Administrator:/home/sites/home/users/admin:/bin/bash

The important field is the third. It's "0" in root's entry, and it's "110" in admin's entry.

Change the 110 to 0, and when you do, admin will have the same privileges as root.

Why would you want to do this?

If you want several people to have root privileges, but want to be able to take them away as you wish without having to change the root password and let everyone else know. Also if you want to log when actual individuals log in and out with root privileges.

Why would you NOT want to do this? Since file ownerships, etc., are determined by number and not login name, you still won't know who actually edited or added any particular file, they will still show as owned by root.

This is considered a major security breach, because you now have more than one account that can be compromised to gain root access.

At 01:48 AM 1/4/00  Fathi Said wrote:

Hmm...., a question:
Why is it more secure to login as root via telnet than via FTP? I don't understand this as the passwords are sent unencrypted, no matter how I login as root..., or am I wrong?

It is NEVER secure to log in as root. It is ALWAYS considered a major security breach. As someone has already responded you should NEVER hack your system to allow root login through telnet. You should NEVER use "su" to become root in a telnet session. You should always, as Neil already answered, use ssh. You should completely disable telnet on your RaQ, completely disallow telnet for ALL users, and you should install SSH for your own use.

Security is extremely important in Unix/Linux and especially on the Internet. I guess you won't realize this until you've been hacked.

The main disadvantage of the RaQ isn't any of its limitations. It isn't the fact that you sometimes can't do what you want to do. It isn't that you can easily break the "warranty". It isn't that you can't get support as fast or as well as you'd like.

The main disadvantage of the RaQ is that it's so easy to buy, to set up, and to use, that we don't consider all the security issues we need to use to responsibly run an Internet-based server.

Jeff

--
Jeff Lasman, nobaloney.net
<jblists@xxxxxxxxxxxxx>
<www.nobaloney.net>, <www.mailtraqna.com>, <www.email-lists.com>
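
An added example, not part of the original message: a shell audit for the condition discussed above, reporting any non-root account whose third `/etc/passwd` field is 0 and, more generally, any UID shared by several logins (the case where file ownership no longer identifies who made a change). The `admin` line in the sample is the message's entry with the UID changed to 0 as described; `alice`, `bob` and `broken` are constructed entries.

```shell
#!/bin/sh
# audit_passwd [FILE]  (reads standard input when FILE is omitted)
# Prints one line per finding:
#   UID0 <name>            non-root account whose UID field is 0
#   MALFORMED <lineno>     entry without 7 fields or with a non-numeric UID
#   SHARED <uid> <names>   UID used by more than one account
audit_passwd() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        NF != 7 || $3 !~ /^[0-9]+$/ { printf "MALFORMED %d\n", NR; next }
        {
            uid = $3 + 0                         # "00" is still UID 0
            if (uid == 0 && $1 != "root") printf "UID0 %s\n", $1
            if (uid in names) { names[uid] = names[uid] "," $1; shared[uid] = 1 }
            else { names[uid] = $1; order[++n] = uid }
        }
        END {
            # Report shared UIDs in the order they first appeared.
            for (i = 1; i <= n; i++)
                if (order[i] in shared)
                    printf "SHARED %d %s\n", order[i], names[order[i]]
        }
    ' "${1:--}"
}

# Constructed sample input (not a real system file).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Root:/root:/bin/sh
admin:x:0:100:Administrator:/home/sites/home/users/admin:/bin/bash
alice:x:111:100:Constructed user:/home/alice:/bin/bash
bob:x:111:100:Constructed user:/home/bob:/bin/bash
broken:x:notanumber
EOF
}

# Run against the sample; on a live host use: audit_passwd /etc/passwd
sample_passwd | audit_passwd
```
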