From: Green, Simon (Simon.Green@EU.ALTRIA.COM)
Date: Sun Mar 02 2003 - 14:51:35 EST
There are obviously some security implications for leaving root logged on.
Probably not too bad if it's in a physically secure location.
I've had problems with this sort of thing in the past. Our SP2 CWS is an
F50 with a graphics console. Sometimes, people leave this logged on,
(despite the big red label telling them not to!). When I'm over there
trying to do some work it's a real pain if I don't know the password. This
is probably not so much of a problem with root, as anyone who's actually
permitted to use the console probably knows the root password.
I've also had problems in the past with CDE screen-savers and the monitor's
power-save features. Sometimes I've found it difficult to actually enter
the password to unlock the session. (I know how to do this, now, but it's
still a bit fiddly.)
There's potential for inconvenience if you're doing remote support and want
to log that root session off for any reason.
I still think that the best solution to the problem is to have a good
monitoring system so that you can take action before things impact your
users.
Simon Green
Altria ITSC Europe s.a.r.l.
AIX-L Archive at http://marc.theaimsgroup.com/?l=aix-l
<http://marc.theaimsgroup.com/?l=aix-l&r=1&w=2> &r=1&w=2
AIX FAQ at http://www.faqs.org/faqs/aix-faq/
<http://www.faqs.org/faqs/aix-faq/>
N.B. Unsolicited email from vendors will seldom be appreciated.
-----Original Message-----
From: Adams Kevin J [mailto:kevin.adams@PHS.COM]
Sent: 27 February 2003 19:09
To: aix-l@Princeton.EDU
Subject: Re: accessing a system with high load
I never thought to leave a "locked" root session on the physical console. It
sounds like a good idea in general.
The only way I know to do this is via the lock command as in "lock -0" to
never time out.
Is this safe? Any comments? Any better ways?
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:37 EDT