On Fri, 25 Nov 2005, Maxim Vexler wrote:

On 11/25/05, Robert Brockway <[EMAIL PROTECTED]> wrote:

Anyone wanting to lock the root account (not a good idea IMHO) should have a root enabled session (sudo, su or whatever) put to the side and not touched during the procedure. This session would be used only to reverse the procedure if it was found that establishing superuser privs was no longer possible in new sessions.

In the worst case, couldn't someone just boot from a livecd, run
[passwd root], then [cat /etc/shadow | grep root] on the livecd and
finally simply copy that entry into the locked out system shadow
file?

Sure but this involves bringing the system down. If you don't allow the three fingered salute on the console to reboot or halt the system then it involves bringing the system down badly. If we are talking of a production system this is a _very bad thing_ even after hours.

Rob

--
Robert Brockway B.Sc.           Phone:  +1-416-669-3073
Senior Technical Consultant     Email:  [EMAIL PROTECTED]
OpenTrend Solutions Ltd.        Web:    www.opentrend.net
We are open 24x365 for technical support.  Call us in a crisis.
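
The locked state discussed in this thread can be checked from the held root session before that session is closed. The following is an added example, not part of either poster's message; `shadow_root_state` and `shadow_demo` are hypothetical names, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example. shadow_root_state is a hypothetical helper, not a standard tool.
# Prints the state of root's password field in a shadow(5)-format file:
#   locked | empty | hashed | missing | unreadable
shadow_root_state() {
    file="${1:-/etc/shadow}"
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    # Field 2 of a shadow(5) line holds the password hash.
    field=$(awk -F: '$1 == "root" { print $2; found = 1; exit }
                     END { if (!found) exit 3 }' "$file") \
        || { echo "missing"; return 3; }
    case "$field" in
        "")        echo "empty" ;;   # no password is required
        '!'*|'*'*) echo "locked" ;;  # '!' prefix = locked; '*' is never a valid hash
        *)         echo "hashed" ;;  # a usable password hash is present
    esac
}

# Constructed sample entries (not real hashes), one file per case.
shadow_demo() {
    dir=$(mktemp -d) || return 1
    printf 'root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:13112:0:99999:7:::\n' > "$dir/before"
    printf 'root:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:13112:0:99999:7:::\n' > "$dir/after"
    echo "before lock: $(shadow_root_state "$dir/before")"
    echo "after lock:  $(shadow_root_state "$dir/after")"
    rm -rf "$dir"
}
shadow_demo
```

A locked password field only blocks password authentication; sudo rules and SSH keys are evaluated separately, so a fresh session should still be tested while the held one stays open.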

