[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [root user] How to disable root account?

On Thu, 1 Dec 2005 09:24:28 -0600 Dave Sherohman wrote:
> sudo is great for tracking who does what as root and for preventing
> yourself from accidentally doing something with greater powers than
> intended, but it can very easily be counterproductive if your intent
> is to increase resistance to unauthorized access.

The sudo/wheel approach is also a handy one when you want to update 
the root password regularly, but you do not want to  tell it to 
everyone. Say you work in an heterogenous enterprise with lots of 
admins having their unix workstation. They need root permissions on 
their desktop machine, but you do not want to distribute the root
password (lacking the encrypted channel to reach everyone for example).

Then you can add them to the wheel group and give them a root
shell that way. Meanwhile you can update the root password 
without any problem.

Ubuntu follows this road a bit further by setting a random root 
password nobody actually knows. This seems consequent to me. But 
having to explain to my boss why i do not know the root password of 
our linux workstations did not seem that attractive.


Christian Folini

Christian Folini - mailto:christian.folini@netnea.com

Reply to: