[Xastir] FIXED No iGate, please help
Den
W2DEN at comcast.net
Thu Feb 16 08:44:36 PST 2017
Well, I stumbled on this anomaly and it looks like others have too where
you can 'shoot yourself'. Get locked out and not be able to get back in.
And so far, there is no recovery, except logging in as root. There are
way too many shoddy tutorials on the web that lure users into pulling
the trigger. "sudo su" then down the page "xstart" BAM
I'd prefer to have more control over my guns rather than to have them go
off unintentionally.
Of course, change the Pi password and create a root password. Both
should be strong. Don't think I advised differently? Actually am tired
of helping people who did not take the simplest precautions right up front.
KEN;
perhaps you could advise the new Pi user just how to protect
themselves.... definitely NOT a popular subject on the web
73
Den
On 2/16/2017 11:08 AM, Jason KG4WSV wrote:
>> On Feb 16, 2017, at 9:19 AM, Den <W2DEN at comcast.net> wrote:
>>
>> I'll let you explore how to create a root password, which I recommend. Obviously those with more knowledge think we commoners, and the owner of the Pi, should not use.
> Well, the problem was that you shot yourself in the foot by running something as root. Maybe they're onto something.
>
> sudo is configured on by default for the pi user. Use of sudo instead of using a full root shell (su or sudo bash) or even worse logging in a root is considered best practice for security reasons. Using sudo allows minimal privilege escalation to accomplish a task and consequently minimizes risk.
>
> If your pi is to be exposed to the internet, or maybe even on a home network, the passwords _should_ be changed for both the pi and root users. Default passwords are extremely insecure - there are days when I see over 10k brute force login attempts against a dozen or so systems, where attackers are looking for me and my users to rely on default or dumb passwords.
>
> -j
>
> _______________________________________________
> Xastir mailing list
> Xastir at lists.xastir.org
> http://xastir.org/mailman/listinfo/xastir
>
More information about the Xastir
mailing list