On Fri, 2005-12-02 at 08:34 -0500, Claude Jones wrote:
> On Fri December 2 2005 8:23 am, Matthew Miller wrote:
> > Beyond that, the name you pick doesn't really matter, since the power is in
> > uid/gid 0, not in the name. And, someone trying to break in other than
> > through password-guessing (which they won't even be able to try if you
> > block external root logins) won't care what the name is; they'll aim for
> > uid 0. (In fact, a common system-hacker thing to do is create a second
> > account with uid 0.
>
> This is getting at what I was trying to understand -
> This raises another question. A constant suggestion I've read is to block root
> logins and use sudo. If someone breaks in using my login/pw combo, what's to
> prevent them from using sudo to get root privileges? If they've hacked my
> username/password, then wouldn't sudo be the first thing they'd try, too?

You are correct in that. That is also the reason the suggestions are very strong that all users must have strong passwords, and that users have different passwords on different servers.

Script kiddies can easily use the root account to try and hack in because of the known name. It is a little harder to identify another user and try to hack in that way, but even if they succeed with a normal user account it also still means they need another method to get root privileges. This means that breaking in with a regular user account does not give them root access directly.

Sudo is one quick way to allow them the root access and as such even limited commands should be restricted to only those users that actually need it and that also use strong passwords. Security is not a single shell which opens up everything with a single crack, but rather layers that, all working together, do the job.

> --
> Claude Jones
> Bluemont, VA, USA
>
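An audit of the two points raised in this thread (extra uid 0 accounts, and which accounts hold unrestricted sudo), added here as an example and not part of the original messages. The passwd and sudoers text is constructed sample data, and the sudoers parsing is a simplification that assumes one rule per line and does not resolve aliases or include files.

```python
import re

# Constructed sample data (not taken from any real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
claude:x:500:500::/home/claude:/bin/bash
toor:x:0:0::/root:/bin/bash
"""

SAMPLE_SUDOERS = """\
# constructed sudoers fragment
Defaults env_reset
root    ALL=(ALL) ALL
claude  ALL=(ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
%wheel  ALL=(ALL) NOPASSWD: ALL
"""

def uid0_accounts(passwd_text):
    """Return every account name whose UID field is 0 (root power, any name)."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2] == "0":
            names.append(fields[0])
    return names

# who  host = (runas) commands
SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.*)$")
SKIP = re.compile(r"^(#|Defaults|(User|Runas|Host|Cmnd)_Alias\b)")

def unrestricted_sudo(sudoers_text):
    """Return (who, passwordless) for rules that allow every command."""
    found = []
    for raw in sudoers_text.splitlines():
        line = raw.strip()
        m = None if (not line or SKIP.match(line)) else SPEC.match(line)
        if not m:
            continue
        who, cmds = m.group(1), m.group(2)
        nopasswd = "NOPASSWD:" in cmds
        cmds = re.sub(r"\b[A-Z_]+:\s*", "", cmds)  # drop tags such as NOPASSWD:
        if "ALL" in [c.strip() for c in cmds.split(",")]:
            found.append((who, nopasswd))
    return found

if __name__ == "__main__":
    print("uid 0 accounts:", uid0_accounts(SAMPLE_PASSWD))
    print("unrestricted sudo:", unrestricted_sudo(SAMPLE_SUDOERS))
```

Any uid 0 name other than root, and any unrestricted or passwordless rule held by an account that does not need it, is a finding to review.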