[Xastir] FIXED No iGate, please help
Jason KG4WSV
kg4wsv at gmail.com
Thu Feb 16 08:08:31 PST 2017
> On Feb 16, 2017, at 9:19 AM, Den <W2DEN at comcast.net> wrote:
>
> I'll let you explore how to create a root password, which I recommend. Obviously those with more knowledge think we commoners, and the owner of the Pi, should not use.
Well, the problem was that you shot yourself in the foot by running something as root. Maybe they're onto something.
sudo is configured on by default for the pi user. Use of sudo instead of using a full root shell (su or sudo bash) or even worse logging in a root is considered best practice for security reasons. Using sudo allows minimal privilege escalation to accomplish a task and consequently minimizes risk.
If your pi is to be exposed to the internet, or maybe even on a home network, the passwords _should_ be changed for both the pi and root users. Default passwords are extremely insecure - there are days when I see over 10k brute force login attempts against a dozen or so systems, where attackers are looking for me and my users to rely on default or dumb passwords.
-j
More information about the Xastir
mailing list