- Mario Ohnewald wrote on Mon, Jan 20, 2003 at 09:41 +0100:
If you log in as root someone can get your passwd and login and get full control over your server.
I do not understand why that is.
I mean why logging in as a user and THEN doing su is more secure than logging in directly as root.
I don't see why this should be better. Well, and if someone gets a user account on the server, there are more chances to get root by some missed local exploit or such.
Think the main issue for not allowing direct root logins is administration. If something goes wrong on a server where multiple people have root access, you can check who su'ed at the time something happened. It doesn't need to be only bad intentions, but everyone makes mistakes, or it's easy to know who to ask what could have been changed when something suddenly fails. Disallowing root access also decreases the habit of doing everything as root as well.
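The accountability point in the reply above, as an added example that is not part of the original thread: it pairs su session open and close events by PID to answer "who was root at this moment?". The log lines are constructed, and the pam_unix message format, the host name `srv`, the user names and the year are assumptions, since su logging differs between systems.

```python
import re
from datetime import datetime

# Constructed sample log (assumed pam_unix syslog format; not from the thread).
SAMPLE_LOG = """\
Jan 20 08:55:10 srv su[2101]: pam_unix(su:session): session opened for user root by alice(uid=1001)
Jan 20 09:05:42 srv su[2188]: pam_unix(su:session): session opened for user root by bob(uid=1002)
Jan 20 09:20:03 srv su[2101]: pam_unix(su:session): session closed for user root
Jan 20 09:31:17 srv su[2290]: pam_unix(su:session): session opened for user root by carol(uid=1003)
Jan 20 09:50:00 srv su[2188]: pam_unix(su:session): session closed for user root
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ su\[(?P<pid>\d+)\]: "
    r"pam_unix\(su:session\): session (?P<ev>opened|closed) for user root"
    r"(?: by (?P<who>[^\s(]+))?"
)

def root_sessions(log, year=2003):
    """Return (user, start, end) for each su-to-root session; end is None if still open."""
    open_by_pid, sessions = {}, []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["ev"] == "opened":
            open_by_pid[m["pid"]] = (m["who"], when)
        elif m["pid"] in open_by_pid:
            # The close line does not name the invoking user; the PID links it.
            who, start = open_by_pid.pop(m["pid"])
            sessions.append((who, start, when))
    sessions += [(who, start, None) for who, start in open_by_pid.values()]
    return sorted(sessions, key=lambda s: s[1])

def who_was_root(log, at, year=2003):
    """Users holding a su-to-root session at datetime `at`."""
    return sorted(who for who, start, end in root_sessions(log, year)
                  if start <= at and (end is None or at <= end))

if __name__ == "__main__":
    incident = datetime(2003, 1, 20, 9, 10, 0)
    print("root at", incident, "->", who_was_root(SAMPLE_LOG, incident))
```

With direct root logins the same log would only ever name `root`, so this query would have nothing to attribute.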