* Justin Wells said: > > A better option is to make an alternative UID 0 user with sash that is not > > root. However, this introduces a security hole. > > It introduces no security hole, and is a reasonable idea. (Or if it does > open a security hole, then there is a bug in Debian). However it creates a small problem. sulogin uses the root account to provide a single mode prompt, it cannot (without modifications) use another UID 0 account. To use the other privileged account you'd have to login as root (which might not be possible - that's what this thread is about :)) and then su - to that other account. So, it might seem that the idea of another account is good, but without some other modifications it's not quite that practical. However, you're perfectly right - it crates no security hole. > However, I have always been in favour of root having a shell without > command history and such, since it discourages people from using > root unless they have to. Of course! Using the root shell interactively and comfortably makes people sit logged in as root all the time and make many stupid mistakes. > > I disagree and have been telling you what is wrong with the whole idea > > several times. You just don't want to listen. > > It has more or less amounted to "I don't like it, go away", and "nope, > never happened to me", and "I like boot disks" so far as I can tell. exactly... Steve, if we could hear at least one sensible argument from you... marek
Attachment:
pgp2EaSce_x5N.pgp
Description: PGP signature