Subject: Re: "Don't login as root, use the su command."
To: None <current-users@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: current-users
Date: 02/10/2000 21:17:45

> Besides the fact that it is indeed inherently bad security to log in
> directly as root (this need not turn into a security thread folks),

Um, if you don't want it to turn into a security thread, don't make
dogmatic security statements that aren't true!

Direct logins as root are not inherently bad security.  Like most
things, they have problems and benefits, and in some environments, the
problems outweigh the benefits; in others, it's the other way around.

Admittedly, the environments where logging in as root is not a Bad
Thing are comparatively rare - disaster recovery is one; machines with
only one human user who is also a skilled enough admin (or a
sufficiently nonprecious machine) that running as root is not a big
deal is another.  (This list is not exhaustive.  There is at least one
other that comes to mind.)

> why is it so much beyond people's means to simply edit root's .login
> and/or .profile to remove the message?

Is it?  It certainly isn't for me.  I think this started when someone
proposed changing the message and asked for opinions.  I offered mine
(explicitly marked "Since you asked", as I recall) and it promptly blew
up into a big discussion.

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B