|
OpenBSD Security Functionally paranoid! |
|
Thread Tools | Display Modes |
|
|||
normal user for dedicated firewall?
Hi there
Just a very basic question. I've read many arguments against having a regular user(s) for server systems. Most of the arguments against having a regular user are related to not having regular users for servers. The afterboot(8) manpage says that one should create a regular user. I just wanted to know your opinion about whether to have a regular user for a dedicated firewall system. I don't need to log in remotely. Sorry about posting such a trivial question. It's just that i couldn't find anything about this when i googled it. btw i'm extremely happy with my new OpenBSD4.8 system. I've just brought my system up to date with the latest stable version. Works like a charm. Thank you for your time and any replies. |
|
|||
I'm guessing that no you should not have a regular user on a dedicated firewall.
|
|
|||
Quote:
Special-purposed systems aside, systems still need to be administered, & doing so in a responsible strategic manner may save one from making a mistake catastropic which otherwise might have been contained or perhaps prevented by working from a user account. Working from a user account is considered a best practice. It forces one to better understand interconnections, & how to work within restrictions. Administrating from the root account provides less barriers, & people become sloppy because confinements aren't there. Working as root doesn't push one to learn & understand Unix as much as if a user account is consistently used. Mistakes happen. The goal of proficient & effective administration is to have practices in place which minimize unwanted results which frequently are downtime & data loss. Running as root provides no protection, so the math appears pretty clear -- especially for special purposed systems such as firewalls which aren't performing their role if they are down or out-of-date. Become friends with sudo(8). Learn what is needed to keep systems current. Chicks are attracted to those that use sudo(8) to keep their systems current. |
|
|||
I always make extra user accounts on any server or firewall, at the very least I make an 'admin' account. There's no reason to run around will full hardware or file system power (root) when I'm only messing with pf or the samba setup.
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Mounting USB as a normal user | rex | FreeBSD General | 23 | 5th March 2012 01:52 PM |
How to Run K3B with normal user openBSD 4.4 | mfaridi | OpenBSD General | 6 | 12th November 2008 10:25 PM |
Wireshark not run in normal user | mfaridi | FreeBSD Ports and Packages | 2 | 7th November 2008 09:49 PM |
Mounting samba share as normal user | rex | FreeBSD General | 4 | 27th October 2008 05:17 PM |
command launched by normal user... | maurobottone | OpenBSD General | 4 | 1st June 2008 03:45 AM |