Re: [root user] How to disable root account?
On Thu, 1 Dec 2005 09:24:28 -0600 Dave Sherohman wrote:
> sudo is great for tracking who does what as root and for preventing
> yourself from accidentally doing something with greater powers than
> intended, but it can very easily be counterproductive if your intent
> is to increase resistance to unauthorized access.
The sudo/wheel approach is also a handy one when you want to update
the root password regularly, but you do not want to tell it to
everyone. Say you work in an heterogenous enterprise with lots of
admins having their unix workstation. They need root permissions on
their desktop machine, but you do not want to distribute the root
password (lacking the encrypted channel to reach everyone for example).
Then you can add them to the wheel group and give them a root
shell that way. Meanwhile you can update the root password
without any problem.
Ubuntu follows this road a bit further by setting a random root
password nobody actually knows. This seems consequent to me. But
having to explain to my boss why i do not know the root password of
our linux workstations did not seem that attractive.
Christian Folini - mailto:email@example.com