Question

Locked

Disable Root Login

By backtrack8083 ·
Hi!
Disabling Root login via SSH is considered a best security practice but i have a confusion that if we disable the root login won't it effect those initscripts which run using root as the user?
If the servers are remote, will it be OK to disable the root logins?
In case some severe problem arise will we be good?
Thanks in advance.

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

on most UNIX varieties

by robo_dev In reply to Disable Root Login

scripts don't actually login as root...they don't really login at all in most cases.

Scripts might need root privileges, and some scripts might even use SU or SUDO to elevate their privilege level, but if you have scripts that actually login as the user ROOT, then go fire your UNIX admin or at least hit him on the head with a copy of 'UNIX for dummies'. :)

In general, scripts should neither run as root or sudo to root, as either approach is unsafe. In order for the script to run, it would need to have the root password in it, which would be a handy thing for an attacker to find.

Many UNIX flavors disable root everywhere and you have to use SUDO to gain root equivalence.

Collapse -

to su or sudo that is the question

by lyle148806 In reply to on most UNIX varieties

Best practice is to disable root login via SSH, if a user requires root privilege they can then su or sudo (preferred). We permit root login on the console but only as the last option in a disaster, and trawl the logs daily in case someone breaks this rule along with using su rather then sudo.

Collapse -

Thanks

by backtrack8083 In reply to to su or sudo that is the ...

Thanks robo and lyle. Your information was very helpful. Thanks again..

Back to Networks Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums