11-12-2003
It is really a matter of best practices and proven methods. It goes without saying that root is dangerous.
That being said, there are other reasons as well. All systems have trails that leave fingerprints when we login. Some are so-so, some meet C2 compliance and try to afford an unalterable audit trail that can be used as evidence in a court of law. If a login starts with a general account, it is harder to hold people accountable for their actions.
UNIX as a whole still has a lot of growing up to do. OS390 and the like will never die until proven compartmentalized methods exits where the "all powerful root" doesn't rule. Trusted Solaris is a good step in that direction, but not allowing root to login directly is at least a start.
Is the system that you are speaking of a corporate piece of equipment?
Cheers,
Keith
Last edited by kduffin; 11-17-2003 at 10:53 PM..
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Friends,
I did following exercise
$ echo '' > test
$ od -b test
$ echo "">test
$ od -b test
$echo > test
$od -b test
Every time I got the following output
0000000 012
0000001
But 012 is octal value for new line character .
Even though there is no apperent new line character... (6 Replies)
Discussion started by: j1yant
6 Replies
2. UNIX for Dummies Questions & Answers
Ok what is BSD exactly? I know its a type of open source but what is it exactly? (1 Reply)
Discussion started by: Corrail
1 Replies
3. Programming
Hello. I'm a complete newbie to C programming. I have a C program that wasn't written by me where I need to write some wrappers around it to automate and make it easier for a client to use. The problem is that the program accepts standard input to control the program... I'm hoping to find a simple... (6 Replies)
Discussion started by: Xeed
6 Replies
4. UNIX for Dummies Questions & Answers
Hi Guys,
I've been learning UNIX for the past couple of days and I came across this exercise, I can't get my head around it, so I would be ever so grateful if I could receive some sort of help or direction with this.
Create a file with x amount of lines in it, the content of your choice. ... (3 Replies)
Discussion started by: aforball
3 Replies
5. Shell Programming and Scripting
i am doing ls -la
in the out put , first line is as
total 41621
What is this total? (2 Replies)
Discussion started by: Saurabh78
2 Replies
6. Shell Programming and Scripting
Hi,
Please don't berate me over the simplicity of these questions. I have recently gotten into bash shell scripting and enjoy it quite a bit. One thing I have not found the answer to though is when naming a shell script, what extension is normally used (ie myscript.?)? Also where is the standard... (5 Replies)
Discussion started by: msb65
5 Replies
7. UNIX for Dummies Questions & Answers
I had a script in solaris wich i read data, for example:
Number 1: _
and the cursor use to be in '_' place because in the code of the script i write:
echo "Number 1:\c"
but i copy the script to a linux and the cursor 'jump' to the begining of the next line like:
Number 1:... (2 Replies)
Discussion started by: lestat_ecuador
2 Replies
8. UNIX for Dummies Questions & Answers
hi everybody;
trying to c unix programming and ive stucked with a problem:
simple program
filedr=open("tempfile",O_RDWR|O_TRUNC,0);
write(filedr,msg1,6);
int i;
i=read(filedr,msg3,4);
it returns 0 bytes read ... why?
well if i try to poll() before read , it doesnt indicate POLLHUP or... (4 Replies)
Discussion started by: IdleProc
4 Replies
9. Shell Programming and Scripting
I am having trouble making this statement work. I am passing in a number value for the number of days to keep archive logs for and wanted to make sure that it is a number. I have a script that will return 1 for is a number and 0 for is not a number. I also want to make sure that the number is not... (2 Replies)
Discussion started by: gandolf989
2 Replies
10. Red Hat
Cheers!
In /etc/syslog.conf, if an error type is not specified, is it logged anywhere (most preferable is it logged to /var/log/messages) or not?
To be more precise I am interested in error and critical level messages. At default these errors are not specified in syslog.conf, and I need to... (6 Replies)
Discussion started by: dr1zzt3r
6 Replies
CHSH(1) User Commands CHSH(1)
NAME
chsh - change login shell
SYNOPSIS
chsh [options] [LOGIN]
DESCRIPTION
The chsh command changes the user login shell. This determines the name of the user's initial login command. A normal user may only change
the login shell for her own account; the superuser may change the login shell for any account.
OPTIONS
The options which apply to the chsh command are:
-h, --help
Display help message and exit.
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
-s, --shell SHELL
The name of the user's new login shell. Setting this field to blank causes the system to select the default login shell.
If the -s option is not selected, chsh operates in an interactive fashion, prompting the user with the current login shell. Enter the new
value to change the shell, or leave the line blank to use the current one. The current shell is displayed between a pair of [ ] marks.
NOTE
The only restriction placed on the login shell is that the command name must be listed in /etc/shells, unless the invoker is the superuser,
and then any value may be added. An account with a restricted login shell may not change her login shell. For this reason, placing /bin/rsh
in /etc/shells is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell
back to its original value.
FILES
/etc/passwd
User account information.
/etc/shells
List of valid login shells.
/etc/login.defs
Shadow password suite configuration.
SEE ALSO
chfn(1), login.defs(5), passwd(5).
shadow-utils 4.5 01/25/2018 CHSH(1)