[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Detect if root login is disabled?

On Wed, 07 Dec 2011 15:42:12 +0400, Igor Pashev wrote:
07.12.2011 12:53, Daniel Hartwig пишет:

I am looking at Bug#516854 and wondering:

Is there a robust way for a *user* to detect if root login is
disabled?  Would like to perform such a check from an instance of
aptitude running as a user account.

I am aware of the following method which detects the `passwd -l' style
lock, however, it requires read access to /etc/shadow:

io:~# passwd -S root | grep " L " > /dev/null; echo $?
io:~# passwd -l root
passwd: password expiry information changed.
io:~# passwd -S root | grep " L " > /dev/null; echo $?


IMO you can't evaluate all possible situations. Example:

1. Disabled in /etc/passwd (easy checking)
2. Disabled in /etc/shadow (you don't have read access)
3. Disabled in PAM
4. passwd -S: ( from manpage: only root user).

-S This will output a short information about the status of the
	 password for a given account. Available to root user only.)
5. Crazy admin option...

Therefore, there are two options:

1. If you are the admin and you disabled the root user, why you click on "became root"? why you need that aptitude checks if the root user is disabled? Should aptitude print "Eh! your are cool, you disabled the root user"? 2. Disable the option "become root" to print "Run me with sudo"? IMO No, because is only for users like the option 1.

Probably this bug should be closed. Is an only an ease for "rare" situations.

Best Regards,
||// //\\// Rodolfo "kix" Garcia
||\\// //\\ http://www.kix.es/

Reply to: