i guess i am trying to set it up like i have my freebsd machine... the root password can only be accessed locally on the machine unless the user is in the wheel group then that user can 'su' as root.
-----Original Message----- From: Richard Kilgore [mailto:[EMAIL PROTECTED]] Sent: Friday, February 14, 2003 1:05 PM To: Gentoo Subject: Re: [gentoo-user] login question On Fri, Feb 14, 2003 at 10:54:57AM -0800, Alan wrote: > On Fri, Feb 14, 2003 at 12:46:49PM -0600, Henning, Brian wrote: > > Hello- > > i login as root to my gentoo machine right now with a password like all the > > other users on the machine. what i would like to do is remove the root > > password and allow another user to su in the machine. I know that user must > > be in the same group 'wheel'. what file should i edit to remove the password > > for root? are there any other things i should be concerned about? > > Well, first of all I think that removing the root password is a Very > Very Bad Idea(tm). If you only want to let another user log in as root > (other than yourself I presume) why not just let them use a password. > > Things you should be concerned about are numerous. You're talking about > allowing superuser access to your machine with NO PASSWORD. Think about > it. > > > -- > Alan <[EMAIL PROTECTED]> - http://arcterex.net > --------------------------------------------------------------------- > "The only thing that experience teaches us is that experience teaches > us nothing. -- Andre Maurois (Emile Herzog) > > -- > [EMAIL PROTECTED] mailing list I think he means put a fake password in /etc/passwd that cannot be generated by the password one-way encryption algorithm (md5 on gentoo?). Anyway, the only thing I can think of is that you would not be able to boot the system to single-user mode. But you can still boot with the "init=/bin/sh" kernel parameter, so that's not really a problem. But why not just choose a really hard to guess root password? Something like h2Qm2.74? If Alan was right about what you want, try emerging sudo, and put a line like the following in /etc/sudoers: friend ALL=(ALL) NOPASSWD: ALL This allows the user friend to do things like: % sudo shutdown -r now or: % sudo /bin/bash - richard -- Richard Kilgore [EMAIL PROTECTED] -- [EMAIL PROTECTED] mailing list -- [EMAIL PROTECTED] mailing list