LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   The use of the 'root' account... (https://www.linuxquestions.org/questions/linux-security-4/the-use-of-the-root-account-69386/)

tarballed 07-01-2003 05:13 PM

The use of the 'root' account...
 
Hello everyone.

I wanted to start a thread about the use of the root account. Reason being is that I had some questions that I wanted to get some feedback on about the proper use of the root account.

One thing I'm currently in the habit of is using the root account for a lot of the work I do. I am doing mostly, if not all, admin work on all of our servers. I understand that root is a very sensitive account. But, what would you recommend as guidelines for use of the root account?

I mean, at this time, we currently have only one office (soon to change though) with all of our servers internal. Even though everything is internal, I would still like to find out some proper usage/guidelines, thoughts etc to make sure im not abusing the root account. (meaning, is it bad to consistenly use the root account for daily admin duties.)

I'm looking forward to hearing some responses and recommendations.

Thanks everyone.

Tarballed

chort 07-01-2003 05:19 PM

My first recommendation would be to install and configure sudo. That lets you execute single commands with root privilages, without actually logging in as that account. Make sure you only grant the sudo privilages that you will actually need, not ALL ALL:ALL. This is a very handy tool if you have to grant an admin very limited access to change a few things, but you don't want them to have full control over the box.

hexbit 07-01-2003 05:46 PM

Speaking of sudo, here's an excellent
tutorial on it : http://krnlpanic.com/tutorials/sudo.php

Noryungi 07-02-2003 06:56 AM

Here are two tutorials, that were pretty good, from O'Reilly:

http://www.onlamp.com/pub/a/bsd/2002...y_Daemons.html
http://www.onlamp.com/pub/a/bsd/2002...y_Daemons.html

And, yes, if you are admin, sudo is your friend!

unSpawn 07-02-2003 07:07 AM

Whether delegating tasks tru sudo works or not, make sure you deny remote access to the account, fixate file attributes (chattr), limit the time spent and limit the "freedom" of movement during interactive logins, like exporting sane environment variables, checking $TMP/dir/file ownage, minimize using SXid tools, tools shared with "human" users or outside root's trusted $PATH and not using recreational utilities or games.

For the rest it's IMO just using common sense, like for instance you don't need root privileges to build (rpm) packages, and plain vigilance like enforcing regular audits (integrity, system, network), log(in) checks etc etc.


All times are GMT -5. The time now is 10:30 AM.