On Wed, 7 Sep 2005, Adam bultman wrote:
> Sadly, not allowing root access isn't always an option. If you don't
> have serial access or physical access to the server, the additional
> steps required to ssh in as a user and then switch to root is often
> impossible (For example, there's a number of systems at work that tank.
> When they tank, you can get in as root, but not as a user).
If you have systems that tank then you really should have some kind of out of
band access, such as a serial console server or what have you. Even on my own
systems where I don't have immediate physical access (like my co-lo'd server)
I still live by that rule religiously. Of course, my systems don't typically
tank, which begs the question if there isn't something you could be doing to
better protect the system.
> It's dangerous, but there's always rules you have to break.
No rule is absolute, to be sure, but there's more than a few that should never
be broken lightly.
> Arthur: Would you like to be my escort on a tour of the country?
:-) I already have the fish...
--Arthur Corliss
Bolverk's Lair -- http://arthur.corlissfamily.org/
Digital Mages -- http://www.digitalmages.com/
"Live Free or Die, the Only Way to Live" -- NH State Motto
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Wed Sep 7 16:06:18 2005
This archive was generated by hypermail 2.1.8 : Wed Sep 07 2005 - 16:06:18 AKDT