On Mon, Feb 3, 2014 at 8:41 PM, Jima <[email protected]> wrote:
> Since I haven't seen anyone address it, you probably don't want to
> completely invalidate root's password, on the off-chance the system ends up
> booted into single-user mode (e.g., in the event an at-boot fsck softfails).
> Sure, there are ways around it (booting with init=/bin/sh for instance), but
> it's something to keep in mind.

I disagree. The security benefits of disabling root by far outweigh the drawbacks of the rare occurrence you speak of. Also, as you already mentioned, the solutions are simple and many.

In addition, disabling root enforces good admin practice. Admins should not use a single shared account (root, Administrator, etc.). This enables better authentication, authorization, and accounting. Enables simple, non-intrusive disabling of an administrator's access should they leave the company. And many others.
