Re: [root user] How to disable root account?
Christian Folini said...
> On Thu, 1 Dec 2005 09:24:28 -0600 Dave Sherohman wrote:
> > sudo is great for tracking who does what as root and for preventing
> > yourself from accidentally doing something with greater powers than
> > intended, but it can very easily be counterproductive if your intent
> > is to increase resistance to unauthorized access.
> The sudo/wheel approach is also a handy one when you want to update
> the root password regularly, but you do not want to tell it to
> everyone. Say you work in an heterogenous enterprise
I hope you meant heterogeneous! Though it would be true to say that many
sys admins are heterogenous. It's usually safer to say 'diverse' to
avoid this one ;-)
Handy tip, though.
> with lots of
> admins having their unix workstation. They need root permissions on
> their desktop machine, but you do not want to distribute the root
> password (lacking the encrypted channel to reach everyone for example).
> Then you can add them to the wheel group and give them a root
> shell that way. Meanwhile you can update the root password
> without any problem.