Re: [root user] How to disable root account?
On 11/26/05, Fredrik <firstname.lastname@example.org> wrote:
> email@example.com wrote:
> > On Fri, Nov 25, 2005 at 01:33:34PM +0200, Maxim Vexler wrote:
> >>On 11/25/05, Robert Brockway <firstname.lastname@example.org> wrote:
> >>>Anyone wanting to lock the root account (not a good idea IMHO) should have
> >>>a root enabled session (sudo, su or whatever) put to the side and not
> >>>touched during the procedure. This session would be used only to reverse
> >>>the procedure if it was found that establishing superuser privs was no
> >>>longer possible in new sessions.
> >>In the worst case, couldn't someone just boot from a livecd, run
> >>[passwd root], then [cat /etc/shadow | grep root] on the livecd and
> >>finally simply copy that entry into the locked out system shadow
> >>file ?
> > That's doing it the hard way. Just pass "init=/bin/sh rw" to the kernel
> > with your bootloader, and do:
> > # passwd root
> > # mount -o ro,remount / && reboot
> > If your bootloader has a password and you've lost that, you can use a
> > boot disk, but you still shouldn't muck around with the passwd & shadow
> > files directly, probably ever. Just mount the root filesystem and
> > chroot /mnt passwd (or visudo) as root.
> Well, to hack a PC with physical access is easy.
> That is why I've encrypted my HD with blowfish-256.
> It will take thousands of years to hack :-)
And would render data recovery in case of HD failure impossible.
I really don't think that for a regular home user block level hd
encryption is a good idea.
That is unless you maintain a strict backup policy and use a raid1 / 5
/ 10 data duplication storage OR you really do have something to hide.
Maxim Vexler (hq4ever).
Do u GNU ?
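
Added example, not part of the original thread: a pre-flight check in the spirit of the advice quoted above to confirm another route to superuser before locking root. It classifies the root entry of a shadow-format file and checks that an admin group has members. The sample file contents are constructed, and the group names `sudo` and `wheel` (and the premise that sudoers grants that group root) are assumptions.

```shell
#!/bin/sh
# Pre-flight check before locking root: is there another way back to root?
# Sample file contents are constructed; the group names are assumptions.

# shadow_state FILE USER -> locked | empty | hashed | missing
shadow_state() {
    awk -F: -v user="$2" '
        $1 == user {
            found = 1
            if ($2 == "")          print "empty"   # logs in with no password
            else if ($2 ~ /^[!*]/) print "locked"  # "!" or "*": no password matches
            else                   print "hashed"  # ordinary password hash
        }
        END { if (!found) print "missing" }' "$1"
}

# group_members FILE GROUP -> comma-separated member list (may be empty)
group_members() {
    awk -F: -v grp="$2" '$1 == grp { print $4 }' "$1"
}

# preflight SHADOW GROUPFILE ADMINGROUP -> "ok: ..." or "stop: ..."
preflight() {
    state=$(shadow_state "$1" root)
    members=$(group_members "$2" "$3")
    if [ "$state" = "missing" ]; then
        echo "stop: no root entry found"
    elif [ -z "$members" ]; then
        echo "stop: group $3 has no members, locking root leaves no path back"
    else
        echo "ok: root is $state, $3 members: $members"
    fi
}

make_samples() {   # write constructed shadow/group files into directory $1
    cat > "$1/shadow" <<'EOF'
root:$6$constructedsalt$constructedhash:13113:0:99999:7:::
alice:!$6$constructedsalt$constructedhash:13113:0:99999:7:::
EOF
    cat > "$1/group" <<'EOF'
sudo:x:27:alice
wheel:x:10:
EOF
}

demo=$(mktemp -d)
make_samples "$demo"
preflight "$demo/shadow" "$demo/group" sudo    # admin group has a member
preflight "$demo/shadow" "$demo/group" wheel   # empty admin group
rm -rf "$demo"
```

A passing check only shows that the files look right; testing the alternate login in a second session while a root shell stays open is still the real confirmation.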