[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [root user] How to disable root account?

Christian Folini said...
> On Thu, 1 Dec 2005 09:24:28 -0600 Dave Sherohman wrote:
> > sudo is great for tracking who does what as root and for preventing
> > yourself from accidentally doing something with greater powers than
> > intended, but it can very easily be counterproductive if your intent
> > is to increase resistance to unauthorized access.
> The sudo/wheel approach is also a handy one when you want to update 
> the root password regularly, but you do not want to  tell it to 
> everyone. Say you work in an heterogenous enterprise

I hope you meant heterogeneous! Though it would be true to say that many 
sys admins are heterogenous. It's usually safer to say 'diverse' to 
avoid this one ;-)

Handy tip, though.

> with lots of 
> admins having their unix workstation. They need root permissions on 
> their desktop machine, but you do not want to distribute the root
> password (lacking the encrypted channel to reach everyone for example).
> Then you can add them to the wheel group and give them a root
> shell that way. Meanwhile you can update the root password 
> without any problem.


Reply to: