On Wed, Jun 21, 2006 at 11:54:37AM -0600, Bob Beck wrote: > > IMNSHO, a root password for single user makes the system *LESS* > secure, and I'm dead serious. I would object to any attempt to commit > changes to OpenBSD to have one by default. Why? Real simple: *because > you asked this question*. - Now I'm not just crapping on you, every > new sysadmin I know asks this. The point is, if OpenBSD put a root > password on single user, you might be tempted to think that somehow, > someway, a not-physically secured machine was secure, and be tempted > to deploy it that way.
For those that don't know, many Linux distros do require a password for single user mode, so this question will be asked again many people migrating to OpenBSD. As an example of physical security, when I was a lowly tech support operator at an ISP and worked alone in the data centre at weekends: I got into the habbit of hitting the w key when ever I logged onto a box via ssh, one day I found that the technical director had logged onto the 4th console of a server as himself, and then su'd to root, then went home. Natrually, I hooked the keyboard back up, got the 4th console and played about for a few hours, reading his mail, etc, etc. Oh, those were the days...... Cheers, -- Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
