[TriLUG] Privileges and Social Engineering

Mike Fieschko mike.fieschko at verizon.net
Fri Jun 11 21:30:28 EDT 2004


On Fri Jun 11, Jeff wrote:

[snip]

> This is scary because if Linux ever became mainstream,
> viruses could be a real problem.  Imagine this:  A user
> buys a computer and installs Linux.  He puts in a password
> for the root user.  It says "You should create a normal
> user for day-to-day tasks."  He doesn't care... it's just
> more to deal with when installing things and whatnot like
> that.
> 
> All of the installers I've seen are worded similarly to this.
> There's a root user for admin purposes, and then you can
> create a user if you want to, but most people are too lazy.
> 
> So I got to thinking:  would a simple change in the wording
> be enough to convince users that they need a separate
> account from just root?  What if it were worded like this:
> 
> "Linux is designed at the core to thwart viral intrusions.

[snip]

One of the Mandrake security levels doesn't allow any root login.  I hope that Mandrake's install requires a nonroot account, especially if that security level is selected.  You can still do `su root` or `su - root`, of course.  My $0.02: if a box has a NIC, or if networking is otherwise set up, then no root login ought to be allowed.

No matter how the installer words the warning, it'll be ignored by folks, just as motd is.



