SU vs. ssh root at host
Jason Stone
jason at dfmm.org
Sat Feb 24 21:54:55 EST 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> So: For what possible reason would I want to su to root, or any
> other account, instead of simply authenticating with the correct UID
> in the first place?
>
> What comes to mind is the concept that only certain users might be
> allowed to su to root, and that by forcing to users to log in as
> themselves, an accounting of *who* went to root may be done.
This reminds me that there was some discussion a while ago about logging
the fingerprint and/or comment associated with a key when that key was
used to log in. Has anyone does this yet? If not, is there any reason it
wouldn't be desired?
> This seems to me an instance where accounting is being valued higher
> than authorization--a broken model, since a flaw in authorization will
> create misleading accounting logs.
Not necesarily - if you're really paranoid about your logging (eg, you log
to an ultra-secure remote host, or to a line printer, etc), then you can
probablly be reasonably sure that you'll have good logs. Moreover, there
are many business types who feel that things like due dilligence and
liability (and hence good logging) are more important than actually
protecting your machines and your data. I'm not one of theses people, but
I've been employed by such people in the past....
-Jason
---------------------------
If the Revolution comes to grief, it will be because you and those you
lead have become alarmed at your own brutality. --John Gardner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg
iD8DBQE6l5MGswXMWWtptckRAi+/AJsFm7GOCkyd1WIvkDLE9dLDp5DDigCfUehp
b16o6xbKp9ycen1QEdmExUk=
=qJER
-----END PGP SIGNATURE-----
More information about the openssh-unix-dev
mailing list