Tip

Shut the door on ROOT

All UNIX administrators and almost all users understand the importance of the root account. Because ROOT provides the means to completely alter all the functions of UNIX, it is important to limit access to this most critical account. The root password should be changed on a frequent basis. In situations where more than one user has access to a root account, each root user should get his or her own personal account. On some UNIX implementations it is possible to use root alias accounts that have the same UID and the same group as root (both 0) and are identical to the root account except for the account name.

When a root user accesses a root account, it is more secure to do so with the SU (switch user) command within a session. Any non-administrative user should access a root account using the SUDO function, as doing so makes it easier to control and monitor their session. The SUDO command allows limited use of root privileges and is configured in the SUDOERS file. SUDO requires password authentication, and its permissions are assigned by user and group.

It is particularly important to log any and all access to your systems under the root account. The SU command automatically logs account access. So too does the SUDO command, which uses the SYSLOGD function.
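To show how the SU and SUDO entries written through syslog can be reviewed, the following added example (not part of the original tip) extracts every attempt to reach root from a log and counts them per user. The log lines are constructed samples, and the su message wording is an assumption because it differs between UNIX variants.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the original tip). The sudo lines
# follow sudo's usual log layout; the su wording ("X to Y on TTY", "BAD SU")
# is an assumption, since su's message text differs between UNIX variants.
SAMPLE_LOG = """\
Aug 12 09:01:14 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/messages
Aug 12 09:05:40 web1 su: bob to root on /dev/pts/1
Aug 12 09:06:02 web1 su: BAD SU carol to root on /dev/pts/2
Aug 12 09:10:33 web1 sudo:    dave : user NOT in sudoers ; TTY=pts/3 ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh
Aug 12 09:12:00 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=www ; COMMAND=/usr/bin/id
Aug 12 09:15:27 web1 sshd[411]: Accepted publickey for alice from 192.0.2.10 port 50022
"""

SUDO_RE = re.compile(r"\bsudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<fields>.*)$")
SU_RE = re.compile(r"\bsu(?:\[\d+\])?: (?P<bad>BAD SU )?(?P<user>\S+) to (?P<target>\S+) on (?P<tty>\S+)")


def root_access_events(log_text):
    """Return (tool, user, outcome, detail) for each su/sudo attempt aimed at root."""
    events = []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if m:
            # sudo writes COMMAND last and it may contain ';', so cut it off first.
            head, _, command = m["fields"].partition("COMMAND=")
            parts = [p.strip() for p in head.split(";") if p.strip()]
            kv = dict(p.split("=", 1) for p in parts if "=" in p)
            if kv.get("USER") != "root":
                continue
            # A field without '=' is sudo's refusal reason (e.g. "user NOT in sudoers").
            denied = any("=" not in p for p in parts)
            events.append(("sudo", m["user"], "denied" if denied else "ok", command))
            continue
        m = SU_RE.search(line)
        if m and m["target"] == "root":
            events.append(("su", m["user"], "denied" if m["bad"] else "ok", m["tty"]))
    return events


def summarize(events):
    """Count attempts per (user, tool, outcome) so repeated denials stand out."""
    return Counter((user, tool, outcome) for tool, user, outcome, _ in events)


if __name__ == "__main__":
    report = summarize(root_access_events(SAMPLE_LOG))
    for (user, tool, outcome), count in sorted(report.items()):
        print(f"{user:8} {tool:5} {outcome:7} {count}")
```

On a real system, adjust the su pattern to the message format your platform's su actually writes before relying on the counts.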



Barrie Sosinsky is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.


This was first published in August 2003
