[scponly] scponly for root user

Johan Heikkilä johan.heikkila at gmail.com
Fri Sep 16 12:52:05 EDT 2011


2011/9/16 wbr oblyr <joe at sublimation.org>:
> I want to stress that the problem here isn't that "allowing root login
> is insecure" - the problem is that changing the root shell to a
> non-interactive shell may have adverse effects on the health your
> system.  There are a few areas where the system may use the root shell
> in unexpected ways, such as booting single user mode in the event of
> disaster recovery, or maybe processing crontab entries for example.
> Testing these various concerns will vary from system to system as
> scponly runs across many types of UNIX, I'd be wary of accepting
> someone else's testimony of whether any given subsystem was ok with
> this change or not.
>
> Of course, it's up to you, I'm just volunteering an opinion.
>
> joe
>

That's true. It should be tested and outcome could vary from system to system.

Regards,
Johan



More information about the scponly mailing list