
Re: Single-use root account?



Ron Johnson wrote:
> On Fri, 2003-11-07 at 07:55, J. Bruce Fields wrote:
>
>> Why not?  They already have physical access to the machine, what more
>> would you give up to them by telling them the root password?  For a home
>> computer, I don't see much reason not to just stick the root password on
>> a post-it note on the monitor.... You already trust anyone that's in a
>> position to see it.
>
> And if a not-so-trustworthy "friend" or acquaintance wanders by,
> he can destroy you.
>
> The all-privilege sudo is the best idea, since the actions are
> audited.


Who cares? If a not-so-trustworthy anyone is there when you're not, the game is over. Physical access == no security. And the auditing of full sudo is trivial to circumvent.

sudo vim /etc/network/interfaces
:!bash
Anything done in this shell (which is running as root) will not be audited.

or

<reset>
init=/bin/bash

Insta-root, no password needed. No auditing. Works with just about any boot loader. Passworded boot loaders can be bypassed by bootable media. Passworded BIOS can be reset. And for the truly hard core, the hard drives can be removed, and remounted in another machine, modified, then reinstalled (yes, I'm wearing my tin foil hat today).

If it were me I'd either just give them the root password or sudo.

You could always do the low-tech method. Put the root password in a sealed envelope in your desk drawer. When needed, the seal can be broken and the password used. Post-use, change the password and put a new sealed envelope in the desk drawer. Either way it's honor system based. Sudo implies trust not to abuse it as does giving the root password.

--

Mental (Mental@NeverLight.com)

CARPE NOCTEM, QUAM MINIMUM CREDULA POSTERO.

GPG public key: http://www.neverlight.com/pas/Mental.asc
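
As an added example (not part of the original post), this sketch reads sudo's log entries and marks the ones after which the log can no longer account for what root did, such as the `sudo vim` case above, where only the editor invocation is recorded. The program lists, function names and sample log lines are assumptions constructed for illustration.

```python
import re

# Assumption: programs known to offer a shell escape; extend for your site.
ESCAPE_CAPABLE = {"vi", "vim", "view", "less", "more", "man", "emacs", "nano"}
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh", "su"}

# Successful sudo runs are logged as:
#   sudo: <user> : TTY=... ; PWD=... ; USER=<target> ; COMMAND=<command line>
# Denied attempts put a reason before TTY=, so they do not match here.
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : TTY=.*? ; USER=(?P<target>\S+) ; "
    r".*?COMMAND=(?P<cmd>.+)$"
)

def classify(line):
    """Return (user, verdict, command) for a successful sudo entry, else None."""
    m = SUDO_RE.search(line.rstrip("\n"))
    if not m:
        return None
    cmd = m.group("cmd")
    prog = cmd.split()[0].rsplit("/", 1)[-1]
    if prog in SHELLS:
        verdict = "shell"            # nothing typed after this is logged
    elif prog in ESCAPE_CAPABLE:
        verdict = "escape-capable"   # a subshell may have followed, unlogged
    else:
        verdict = "logged"
    return m.group("user"), verdict, cmd

def audit_gaps(lines):
    """Entries after which the sudo log cannot account for root activity."""
    hits = (classify(entry) for entry in lines)
    return [h for h in hits if h and h[1] != "logged"]

# Constructed sample log lines, not taken from a real system.
SAMPLE_LOG = [
    "Nov  7 08:01:12 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vim /etc/network/interfaces",
    "Nov  7 08:03:40 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/sbin/ifup eth0",
    "Nov  7 08:05:02 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash",
    "Nov  7 08:06:10 host sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash",
    "Nov  7 08:07:00 host sshd[812]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2",
]

if __name__ == "__main__":
    for user, verdict, cmd in audit_gaps(SAMPLE_LOG):
        print(f"{user}: {verdict}: {cmd}")
```

A flagged entry only shows where the audit trail stops; it says nothing about the boot-time and physical-access routes described in the post, which never pass through sudo at all.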



