[nycbug-talk] A couple of security related questions

Dave Steinberg dave-dated-1097508862.83186e
Mon Oct 4 11:34:06 EDT 2004

> : I only want people to be able to log in as root from the console, no 
> ssh,
> : telnet is totally disabled.
> By default, root is denied login access via SSH, but a user can login 
> and do
> "su" to root.  I'm not sure if that's what you're talking about though.
> (That applies not only to BSD, but also in Linux.)

chmod 500 /usr/bin/su

And use caution with your sudoers file to make sure nobody can do 'sudo 
ksh' or use sudo to launch anything that can execute shell commands 
(vi, emacs, etc).

Dave Steinberg

More information about the talk mailing list