Bruce Hayden wrote:
The point is that sulogin *is* called from multiple places, so if
you're going to get rid of the root password (Rob's point) you either
get to modify all the places that invoke sulogin (I find 3 scripts in
/etc/init.d, plus /etc/inittab, and there could be more) or you modify
/sbin/sulogin. In either case, you have "local mods" to maintain,
which has its drawbacks, of course..
It's your foot, you can shoot it any way you want; I'd rather keep the
need for root around.
I'd also think about what each of those use root password for and leave
the original sulogin code in place (even if just renamed) just in case
it's needed in the future. Better yet, I'd update /etc/inittab and other
places with the code I'd want instead (like /sbin/nosulogin), so that
any maintenance wasn't messed with in the future, and updates didn't
just step on the new code.
I don't just blindly remove security functions just because it "gets in
the way". Ive even set up ssh keys with non-null passphrases as well as
ssh-agent, to verify it's me and not someone who scarfed up my key
without my knowledge.
Kim
On 8/22/07, Mark Post <[EMAIL PROTECTED]> wrote:
Oooh, I can't agree with that. Replacing a system module that might get called
from multiple places isn't a good idea. Updating /etc/inittab to invoke bash
would be much better (and is what I do with Slack/390).
Mark Post
--
Bruce Hayden
Linux on System z Advanced Technical Support
Endicott, NY
---
Kim Goldenberg
Systems Programmer I
State of NJ - OIT
609-777-3722
[EMAIL PROTECTED]
[EMAIL PROTECTED]
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
