[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: passwordless root login

On Sun, 12 Oct 2003, J. Bruce Fields wrote:

> On Mon, Oct 13, 2003 at 10:15:16AM +0800, Sacha Chua wrote:
> > "J. Bruce Fields" <bfields@fieldses.org> writes:
> >
> > > I'd like to configure a debian box to allow root logins without a
> > > password; what do I need to do?  The relevant line in the password file
> > > is
> > > root::0:0:root:/root:/bin/bash
> > > I thought the empty password field would do the job, but apparently not.
> > > There is no /etc/shadow file.
> >
> > You probably don't want to do that, as that will give everyone access
> > to everything on your box.
> As far as I know I don't have anything (sshd, ftpd, etc.) installed that
> allows remote logins.  I'm willing to trust anyone who has access to the
> console.
> Anyway, to answer my original question, it looks like what I needed to
> do (in addition to making sure there was no root password in
> /etc/passwd) was add "nullok" after some pam_unix.so's in the files in
> /etc/pam.d/.
> --Bruce Fields
Hi Bruce,
while you may say that anyone with physical access to you box is to
trusted, there are more reasons not to have a box with only 'root' than
vise vera. Any normal *nix setup always ask you to create at least one
user account. Why? Because all root commands can do damage and all commands do
not need root. So, if you login as any user, you already limit any damage
to your nice box. And if the person trys a command like 'rm -rf'  and
forgets to 'su' or 'sudo', if will just be one more safeguard. It requires
that you think a moment before you do a command and use the 'su' or
'sudo'. It may save you box from begin 'toast' from a mistyped command.

Reply to: