Steffen Dettmer schrieb:
* Volker Kuhlmann wrote on Thu, Jan 16, 2003 at 21:13 +1300:
In fact you should disable remote login for root via password (and maybe even with ssh key), and only allow a normal user to get root using su.
Selecting permissions "paranoid" breaks this, as it removes the suid bit from su, thus preventing any normal user to su to root. A quick edit to /etc/permissions.paranoid fixes that.
I think it's nice to make SSH logins possible by key only, and having no (human) users on the machines if possible :) I trust more in a SSH key than in su :)
oki,
Steffen
why not disable su and root/ssh completely and use sudo instead? sudo has a simple configuration file and lets system users issue commands as root. the commands are limited to those permitted in the configuration file. so you have to login as an ordinary user and can use just those root-commands that your sysadmin has allowed you to use... greets, Christoph