|
 |
On 09/13/2011 04:16 AM, Warp wrote:
> clipka<ano### [at] anonymous org> wrote:
>> Am 12.09.2011 22:17, schrieb Orchid XP v8:
>
>>> I'm not aware of any Unix system which *defaults* to letting remote
>>> users access the entire filesystem if they know the root password.
>>> Probably because it's a stunningly bad idea, unless the local network is
>>> trusted. But anyway...
>
>> To the contrary: Unix doesn't only let users who know the root password
>> access the /filesystem/, but do /anything/ they like on the machine.
>
> Except that most unix systems have been configured so that you *can't*
> log in as root remotely. The system simply refuses to accept the login.
generally true enough, but there's always exceptions, any system(s)
expected to be able to pass a security audit wouldn't allow this,
because YES it's generally considered bad practice, however there were
occasions that grabbing the system console remote was/is necessary ...
ie: problem with root filesystem (need for fsck before the filesystem is
mounted), but the audit trail required an incident report to explain why
the access occurred ... most if not all sys admin tasks /should/ be done
via sudo/su2 so as to NOT break the audit trail. Our security expert was
a fanatic about this ... he even came up with a "bone-head" trophy that
you were expected to display prominently, so other members of the admin
team could publicly ridicule you for using "root" without a good reason
... mandate from above was that protecting R&D systems and data was
SERIOUS business.
>
> Anyways, that's besides the point of transferring files. Being able to
> log in as root (remotely or not) has nothing to do with the ability to
> transfer files from one computer to another.
yep ... general access was setup so that a user either through uid/gid
affiliation gets effectively painted into a corner
Post a reply to this message
|
|
