Stupid... but cool as hell. There is such a fine line between stupid and clever.
PF + AltQ, a ZFS raidz array, and booting from a CF card. Excellent job, kudos to the FreeBSD team!
I find it hard to believe that the folks whining (I'm sorry, "bitching") about sudo usage are sysadmins on servers, and certainly not servers that are depended on by others. This policy is a good idea on any system that you can access remotely (thus making it a "server"). Running an internet-connected server like a five-year-old is selfish, and it should not be a surprise that it is discouraged.
Presumably when doing system operations, you will do as little as root as possible. Therefore sudo is not much of an inconvenience. Yes, you could prepend a destructive command with sudo, but you would have to be twice as stupid.
If remote root logins are disabled, then you cannot (remotely) guess the root password.
I read your post as:
"I am so good, and so careful, I would never, ever make a mistake as root."
Good luck to you on production servers, and may your employer and clients have mercy on your soul.
Look, admit it: running commands as root is a convenience for you, and you are willing to make the obvious tradeoff in stability and security. But don't imply that others are as gifted as you are in avoiding simple mistakes that are catastrophic as root.
This touches on another point, that is being "root" at any time other than sysinstall. FreeBSD has never (by default) allowed root logins via SSH, and I will always contend that is a "good thing". If you access a system via SSH, it is a server. If you are on a shell session on a server, you should NEVER be root-- that's what sudo is for.
If you whine about this, you are indeed a poor sysadmin. It reminds me of my friend who habitually texts while driving. "But I have never been in an accident," he says. How selfish, putting his convenience above the safety of those around him.
I found that when a client of mine connected via SSH to a well-connected server (Equinix/Ashburn), they could use the SOCKS setting in Firefox (connecting to localhost since that's what their SSH client listened to) to tunnel all of their traffic with no problem. Note: this was a Mac, up to date as of last year when we tried this.
Sure enough, one day the tunneling stopped working! We changed the port used by SSH to 443, and it worked just fine after that.
- FreeBSD 7 (AMD64)
- MySQL 5.1.30
- Apache 2.2 (worker MPM)
- PHP 5.2.8 (or HTML::Mason)
What is the responsiveness of the system under load? Openssl speed? bonnie++?