Root Security
- Only become root to do single specific tasks. Be a normal user otherwise.
- The command path for the root user is very important. Never use '.' in the PATH environment variable.
- Never use the rlogin/rsh/rexec suite of tools (called the r-utilities) as root. Never create a .rhosts file for root.
- The /etc/securetty file contains a list of terminals that root can log in from. Be careful what is here.
- You should be able to log in remotely as your regular user account and then 'su' if you need to (hopefully over ssh or another encrypted channel), so there is no need to be able to log in directly as root.
- Always be slow and deliberate when running as root. Your actions could affect a lot of things. Think before you type!
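
An added example (not part of the original slides): a read-only shell audit of three of the rules above, covering PATH entries that resolve to the current directory, a .rhosts file for root, and pseudo-terminal entries in /etc/securetty. The function names, /root as root's home directory, and the pts/N and ttypN terminal naming are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit of the root-account rules on this slide.

# Print every PATH component that is empty, '.', or otherwise relative.
# An empty component (leading or trailing ':' or '::') is searched as the
# current directory, exactly like a literal '.'.
# The body runs in a subshell so the IFS and globbing changes stay local.
unsafe_path_entries() (
    p="$1:"            # extra ':' so a trailing empty field is not dropped
    IFS=:
    set -f             # no filename expansion while splitting
    for d in $p; do
        case "$d" in
            /*) ;;     # absolute directory: fine
            "") echo "empty entry (means current directory)" ;;
            *)  echo "relative entry: $d" ;;
        esac
    done
)

# Report a .rhosts file in the given home directory.
# Assumption: root's home is /root when no argument is given.
rhosts_finding() {
    home="${1:-/root}"
    if [ -e "$home/.rhosts" ]; then echo "found: $home/.rhosts"; fi
}

# List securetty entries that are pseudo-terminals, which are the ones
# used by network logins. Comments and blank lines are skipped.
# Assumption: Linux-style names (pts/N, ttypN).
securetty_network_entries() {
    [ -r "$1" ] || return 0
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" |
        grep -E '^(pts/[0-9]+|ttyp[0-9a-f]+)$' || true
}

# Run all three checks against the live system when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    unsafe_path_entries "$PATH"
    rhosts_finding /root
    securetty_network_entries /etc/securetty
fi
```

Run it as root with `--run`; any line of output is a finding to review, and no output means none of the three checks matched.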
Sridhar Iyer
2001-01-08