On 11/25/05, Robert Brockway <[EMAIL PROTECTED]> wrote: > On Thu, 24 Nov 2005, Björn Lindström wrote: > > > passwd -l simply sets the password to a value matching no > > passwords. sudo works by running SUID root, and so does not depend on a > > root password in any way. > > Actually that depends on how sudo is configured. In some configurations > sudo does depend on the root password (rather than the user a/c password) > for authentication. > > Anyone wanting to lock the root account (not a good idea IMHO) should have > a root enabled session (sudo, su or whatever) put to the side and not > touched during the procedure. This session would be used only to reverse > the procedure if it was found that establishing superuser privs was no > longer possible in new sessions. > > Rob > > -- > Robert Brockway B.Sc. Phone: +1-416-669-3073 > Senior Technical Consultant Email: [EMAIL PROTECTED] > OpenTrend Solutions Ltd. Web: www.opentrend.net > We are open 24x365 for technical support. Call us in a crisis. >
In the worst case, couldn't someone just boot from a livecd, run [passwd root], then [cat /etc/shadow | grep root] on the livecd and finally simply copying that entry into the locked out system shadow file ? -- Cheers, Maxim Vexler (hq4ever). Do u GNU ?