Remotely edit user disk quota

perryh at perryh at
Fri May 29 08:31:25 UTC 2009

Wojciech Puchar <wojtek at> wrote:

> Even 15 seconds of thinking is enough to understand that logging
> to other user and then su - gives completely no extra security.

I don't buy this, given that root's login name is well known :)

If a system accepts remote root logins, an attacker need only guess
or intercept one thing -- the root password -- to log in with root
privileges.  If it does not accept remote root logins, that attacker
must guess or intercept three things:  the login name of a user in
the wheel group, that user's password, and also the root password.

More information about the freebsd-questions mailing list