On Thu, Jun 3, 2010 at 10:04 AM,  <aidal...@no8wireless.co.nz> wrote:
> Peter Glassenbury (CSSE) wrote:
>> Sorry not even at a university lab... If someone wants to brute force
>> our root account, they obviously have not enough work to do.
>> Our logging should find the attempts...
>> Like Volker, I have yet to be convinced of the point of typing
>> "sudo " in front of all the commands I want to run as root.
>> When it becomes reflex, you are going to make the same mistakes
>> as if you log in as root.
>
>
> True, because the attack would have to be carried out manually, so you
> could just pull out the crowbar and stand outside the lab when it
> happens, not to mention that it would take forever to reach, say, 100
> attempts, which would hardly make a dent (so to speak).
>
> There are pros and cons of either choice.  For me, it's pointless to
> have a root password, because I can never remember what it is, and I
> usually only want to execute one command as root at a time, anyway.
> But that's just my preference.  I can imagine that Pete boots the lab
> machines into single-user mode, for which he needs the root password,
> to diagnose problems.  Even if that was disabled, there could still
> only be one password for admins: the BIOS password (for booting from a
> CD, for example).
>

Physical access means root access!
