On Sun, Apr 29, 2012 at 10:20 PM, Jeff Jensen <jjensen at apache.org> wrote: > What are they? Well, looks like this has been discussed already by others, but: 1. keep "open" root prompts from laying around 2. another layer of authentication to prevent: a. you from shooting yourself in the foot b. an attacker from getting full root privileges 3. Logging of all commands executed > Are this thread's recommendations even for my home servers, or is this more > for the shared server environment, a la corporate? Well, both actually. I'm a big proponent of using the same practices no matter what system I'm working on. You're far more likely to do things like use sudo consistently if you do it globally, both on work systems as well as personally. -Erik