On 10/13/05, Anthony DiPierro wikispam@inbox.org wrote:
But when we're talking about production boxes in a colo, it shouldn't even be possible to log in as root.
Uh, sure, right. So how do you propose to do maintenance on this box?
*Somebody* has to be able to log in as root. That person is capable of destroying the system. Even if the immutable flag is set on the root (because said person can always clear that flag). And if nothing else there's always the technique of taking a shotgun to the server.
Kelly