The basics of secure admin privilege use with Unix
Jul 07, 2009, 21:04
(Other stories by Chad Perrin)
"Some of my readers may find this a very basic article,
presenting information that they already know like the backs of
their hands. The frequency with which I see people — and even
entire OS development teams — violating basic, common
security sense with regard to secure administrative privilege use
on Unix-like systems prompts me to explain those basics here,
though. That does not necessarily mean they are stupid, of course;
some of the “basics” are not at all obvious.
"The root account is probably the best place to start.
Using the root account
"The standard administrative super-user account on Microsoft
Windows is called Administrator. On Unix-like systems, it is called
root instead. It’s normally a bad idea to use an
administrative account for anything that you can do with a less
privileged account, because any time you use any user account at
all you expose that particular account to potential threats if the
software run under that account’s privileges has a
vulnerability that can allow someone to compromise the user
account."