Re: [root user] How to disable root account?

2005-12-05 Thread Christian Folini
On Fri, 2 Dec 2005 13:34:37 + Dick Davies <[EMAIL PROTECTED]>
wrote:

>> Then you can add them to the wheel group and give them a root
>> shell that way. Meanwhile you can update the root password
>> without any problem.

> What would be the point of updating the root password in this case?

In our case there are a couple of dozen sysadmins that
want to have root access on their local box and six or eight
sysadmins that do the operation of these workstations
(and some 200 servers in their spare time). The latter six or
eight people have the root password to do remote stuff.

As mentioned before, they could work with sudo and service
accounts for login too. But we do not do it that way.

Six or eight people with the root password makes a good
reason to update it regularly.

>> Ubuntu follows this road a bit further by setting a random root
>> password nobody actually knows.

> That's untrue, and would be a very bad idea.

Seems I am following a myth here. I must have read it
during last winter in the Ubuntu forum.
http://ubuntuforums.org/printthread.php?t=31053

I sure saw it last week on ZDNet:
http://reviews.zdnet.co.uk/software/os/0,39024175,39237493,00.htm

Thank you for your clarification.

Christian

-- 
Christian Folini - <[EMAIL PROTECTED]>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: [root user] How to disable root account?

2005-12-01 Thread Christian Folini
On Thu, 1 Dec 2005 19:49:10 +0100 Wim De Smet wrote:
> sudo passwd lets you set the root password of course. :-)

Yeah, that's why we distribute the hash of the root password
via a Debian package. :)
(And the machines do an update/upgrade regularly.)

I think this approach works quite well in a desktop
environment. Of course publishing the root password
hash is insecure. But installing the hash on a machine
people have physical access to is just as insecure.

cheers,

Christian

P.S. Thx for the hint Marc. I thought it was safe to translate
1:1 from German. The 2 languages are so diverse in many ways.

-- 
Christian Folini - mailto:[EMAIL PROTECTED]





Re: [root user] How to disable root account?

2005-12-01 Thread Christian Folini
On Thu, 1 Dec 2005 09:24:28 -0600 Dave Sherohman wrote:
> sudo is great for tracking who does what as root and for preventing
> yourself from accidentally doing something with greater powers than
> intended, but it can very easily be counterproductive if your intent
> is to increase resistance to unauthorized access.

The sudo/wheel approach is also a handy one when you want to update
the root password regularly, but you do not want to tell it to
everyone. Say you work in a heterogeneous enterprise with lots of
admins having their Unix workstation. They need root permissions on
their desktop machine, but you do not want to distribute the root
password (lacking the encrypted channel to reach everyone for example).

Then you can add them to the wheel group and give them a root
shell that way. Meanwhile you can update the root password 
without any problem.

Ubuntu follows this road a bit further by setting a random root
password nobody actually knows. This seems consequent to me. But
having to explain to my boss why I do not know the root password of
our Linux workstations did not seem that attractive.

regs,

Christian Folini

-- 
Christian Folini - mailto:[EMAIL PROTECTED]
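
An added example, not part of the original thread: a small audit of the setup discussed above, checking whether the root entry in shadow(5) format is locked or has a password older than the rotation policy, and who gets root through the wheel group. The function names, the 90-day limit and all sample lines are constructed for illustration.

```shell
#!/bin/sh
# root_pw_status "<shadow line>" <today, days since 1970-01-01> <max age, days>
# Prints: empty | locked | unknown-age | stale:<age> | fresh:<age>
root_pw_status() {
    line=$1; today=$2; max_age=$3
    hash=$(printf '%s\n' "$line" | cut -d: -f2)     # field 2: password hash
    lastchg=$(printf '%s\n' "$line" | cut -d: -f3)  # field 3: day of last change
    case $hash in
        '')        echo empty; return ;;   # no password set at all
        '!'*|'*'*) echo locked; return ;;  # password login disabled
    esac
    case $lastchg in
        ''|*[!0-9]*) echo unknown-age; return ;;  # aging information missing
    esac
    age=$((today - lastchg))
    if [ "$age" -gt "$max_age" ]; then
        echo "stale:$age"
    else
        echo "fresh:$age"
    fi
}

# wheel_members "<group line>": users who reach root via the group (field 4).
wheel_members() {
    printf '%s\n' "$1" | cut -d: -f4 | tr ',' ' '
}

# Constructed sample data (not real hashes or accounts).
TODAY=13122
SHARED='root:$1$constructed$hashvalue:13000:0:99999:7:::'
LOCKED='root:!:13100:0:99999:7:::'
WHEEL='wheel:x:10:alice,bob'

echo "shared root password: $(root_pw_status "$SHARED" "$TODAY" 90)"
echo "locked root account:  $(root_pw_status "$LOCKED" "$TODAY" 90)"
echo "root via wheel:       $(wheel_members "$WHEEL")"

# On a live system (as root) the inputs would come from:
#   getent shadow root ; getent group wheel ; $(( $(date +%s) / 86400 ))
```

A `stale` result on a password shared by several operators is the case the thread argues for rotating; `locked` corresponds to a root account that is reachable only through sudo or wheel membership.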

