[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [root user] How to disable root account?

On Wed, Nov 30, 2005 at 11:23:17PM -0500, gnrfan wrote:
> Ubuntu uses sudo. I also use it in my Debian box. Basically most
> unices have a "wheel" group. You can add your account to that group
> and then run the "visudo" to leave /etc/sudoers with a line like
> this one:
> %wheel  ALL=(ALL)       NOPASSWD: ALL
> Or this (if you want your account's (not root) password to be asked
> for every time you want to run commands like root:
> %wheel        ALL=(ALL)       ALL

I don't know what your objective is in disabling root, but, if it's
to make your system more secure against attackers, be aware that this
(or any sudo-based approach, really) will make matters worse, not
better.  If you have 5 user accounts in wheel (or who otherwise have
unlimited access to superuser powers via sudo), then that's five
accounts which can be cracked and used to take over your machine
rather than just one.  (Some improvement is possible in that an
attacker won't know the name of the account(s) he needs to crack,
but, if he has any way of retrieving your system's valid user names
(say, from email addresses), then this is an extremely flimsy

sudo is great for tracking who does what as root and for preventing
yourself from accidentally doing something with greater powers than
intended, but it can very easily be counterproductive if your intent
is to increase resistance to unauthorized access.

The freedoms that we enjoy presently are the most important victories of the
White Hats over the past several millennia, and it is vitally important that
we don't give them up now, only because we are frightened.
  - Eolake Stobblehouse (http://stobblehouse.com/text/battle.html)

Reply to: