Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 07-01-2003, 05:13 PM   #1
Registered: Jun 2002
Distribution: RH, FC, FreeBSD,OpenBSD
Posts: 326

Rep: Reputation: 30
Arrow The use of the 'root' account...

Hello everyone.

I wanted to start a thread about the use of the root account. Reason being is that I had some questions that I wanted to get some feedback on about the proper use of the root account.

One thing I'm currently in the habit of is using the root account for a lot of the work I do. I am doing mostly, if not all, admin work on all of our servers. I understand that root is a very sensitive account. But, what would you recommend as guidelines for use of the root account?

I mean, at this time, we currently have only one office (soon to change though) with all of our servers internal. Even though everything is internal, I would still like to find out some proper usage/guidelines, thoughts etc to make sure im not abusing the root account. (meaning, is it bad to consistenly use the root account for daily admin duties.)

I'm looking forward to hearing some responses and recommendations.

Thanks everyone.

Old 07-01-2003, 05:19 PM   #2
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 75
My first recommendation would be to install and configure sudo. That lets you execute single commands with root privilages, without actually logging in as that account. Make sure you only grant the sudo privilages that you will actually need, not ALL ALL:ALL. This is a very handy tool if you have to grant an admin very limited access to change a few things, but you don't want them to have full control over the box.
Old 07-01-2003, 05:46 PM   #3
Registered: Jun 2003
Location: Dallas, Tx
Distribution: Slackware
Posts: 65

Rep: Reputation: 15
Speaking of sudo, here's an excellent
tutorial on it :
Old 07-02-2003, 06:56 AM   #4
Registered: Jul 2003
Location: --> X <-- You are here.
Distribution: Slackware, OpenBSD
Posts: 305

Rep: Reputation: 53
Here are two tutorials, that were pretty good, from O'Reilly:

And, yes, if you are admin, sudo is your friend!
Old 07-02-2003, 07:07 AM   #5
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594
Whether delegating tasks tru sudo works or not, make sure you deny remote access to the account, fixate file attributes (chattr), limit the time spent and limit the "freedom" of movement during interactive logins, like exporting sane environment variables, checking $TMP/dir/file ownage, minimize using SXid tools, tools shared with "human" users or outside root's trusted $PATH and not using recreational utilities or games.

For the rest it's IMO just using common sense, like for instance you don't need root privileges to build (rpm) packages, and plain vigilance like enforcing regular audits (integrity, system, network), log(in) checks etc etc.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I retain the PATH in the root account even when I switch to root using su? thearchitect Linux - Newbie 1 08-13-2005 12:02 AM
Can't get root account ssimontis Ubuntu 6 07-05-2005 07:07 PM
Help with root account... thmonkey Linux - Newbie 3 04-05-2005 08:51 PM
Using root account mfo6463 Linux - Newbie 12 03-27-2004 11:41 PM
Root Account???????? Silverado2000 Linux - General 5 02-01-2002 12:55 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:31 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration