Re: [root user] How to disable root account?



On 11/26/05, Fredrik <fredrick@thegate.nu> wrote:
> d@jerkface.net wrote:
>
> > On Fri, Nov 25, 2005 at 01:33:34PM +0200, Maxim Vexler wrote:
> >
> >>On 11/25/05, Robert Brockway <rbrockway@opentrend.net> wrote:
> >>
> >>>Anyone wanting to lock the root account (not a good idea IMHO) should have
> >>>a root enabled session (sudo, su or whatever) put to the side and not
> >>>touched during the procedure.  This session would be used only to reverse
> >>>the procedure if it was found that establishing superuser privs was no
> >>>longer possible in new sessions.
> >>
> >>In the worst case, couldn't someone just boot from a livecd, run
> >>[passwd root], then [cat /etc/shadow | grep root] on the livecd and
> >>finally simply copy that entry into the locked out system shadow
> >>file?
> >
> >
> > That's doing it the hard way.  Just pass "init=/bin/sh rw" to the kernel
> > with your bootloader, and do:
> > # passwd root
> > # mount -o ro,remount / && reboot
> >
> > If your bootloader has a password and you've lost that, you can use a
> > boot disk, but you still shouldn't muck around with the passwd & shadow
> > files directly, probably ever.  Just mount the root filesystem and
> > chroot /mnt passwd (or visudo) as root.
> >
> >
> Well, to hack a PC with physical access is easy.
> That is why I've encrypted my hd with blowfish-256.
>
> It will take thousands of years to hack :-)
>

And would render data recovery in case of HD failure impossible.
I really don't think that for a regular home user block level hd
encryption is a good idea.

That is unless you maintain a strict backup policy and use a raid1 / 5
/ 10 data duplication storage OR you really do have something to hide
;)

--
Cheers,
Maxim Vexler (hq4ever).

Do u GNU ?
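
A check to go with the advice quoted above about keeping a root session aside while locking the account: this is an added example, not part of the original thread, that reports what state an account's password field is in within a shadow-format file. The function name `shadow_state` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field of an account in a
# shadow-format file. All sample entries below are constructed.

# shadow_state FILE [USER]
# Prints one of: locked, no-login, empty, hash, missing
shadow_state() {
    file=$1
    user=${2:-root}
    # Field 2 of the colon-separated entry is the password field.
    # The "F:" prefix lets an empty field be told apart from a missing entry.
    field=$(awk -F: -v u="$user" '
        $1 == u { print "F:" $2; found = 1; exit }
        END     { if (!found) print "MISSING" }' "$file")
    case "$field" in
        MISSING)             echo missing ;;   # no entry for this user
        F:)                  echo empty ;;     # no password required at all
        'F:!'|'F:!!'|'F:*')  echo no-login ;;  # no hash can ever match
        'F:!'*)              echo locked ;;    # hash kept, disabled by "!" prefix
        *)                   echo hash ;;      # usable password hash present
    esac
}

# Constructed sample file (not real hashes, not from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:!$6$examplesalt$constructedhash:13113:0:99999:7:::
alice:$6$examplesalt$constructedhash:13113:0:99999:7:::
daemon:*:13113:0:99999:7:::
guest::13113:0:99999:7:::
EOF

for u in root alice daemon guest nobody; do
    printf '%s: %s\n' "$u" "$(shadow_state "$sample" "$u")"
done
rm -f "$sample"
```

On a live system the file is `/etc/shadow` and reading it needs superuser rights, so the check is run from the root session that was set aside, before that session is closed.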