Disabling root login and using another username for administration
hello there,
I am using a server with fc5 installed and wish to disable login in via Root. I still need permissions to do adminstrative tasks remotely so need to create a new user which has root permissions. I cannot find any info in the fedora forum to do this and am not sure instructions for other distributions will apply to FC5. So anyone has any guidelines on this? Oh yes and I use telnet to login not SSH. cheers! |
First of all, you cannot create more than one root user. The closest you can get, probably, is to let one user use sudo to accomplish the tasks which need superuser privileges. In this matter it's wise to only grant superuser privileges to the commands you'll be needing -- not to everything. What use would it be if you disabled your root account and then created another one? The point in disabling the root account is that all the other accounts are non-privileged to do most of the things root can do. Then, with sudo, certain users can be given the chance to, by giving their password when starting sudo, run some things as root (but not everything, since that would compromise the whole idea).
List the things you need to do, grant some user sudo rights for them, disable root account and keep a hard eye on your logs. And do NOT let anyone use sudo without passwords. More importantly, don't let anybody use sudo if it's really not needed. The less root privileges, the less trouble. |
Hi Bouncer,
Quote:
cheers! |
If you are using telnet then the extra security measure will not help since passwords are sent as clear text. You should disable telnet and root logins for ssh. Login with regular user then su for admin tasks.
|
All times are GMT -5. The time now is 11:15 PM. |