[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [root user] How to disable root account?

On Fri, 25 Nov 2005, Maxim Vexler wrote:

On 11/25/05, Robert Brockway <rbrockway@opentrend.net> wrote:

Anyone wanting to lock the root account (not a good idea IMHO) should have a root enabled session (sudo, su or whatever) put to the side and not touched during the procedure. This session would be used only to reverse the procedure if it was found that establishing superuser privs was no longer possible in new sessions.

In the worst case, couldn't someone just boot from a livecd, run
[passwd root], then [cat /etc/shadow | grep root] on the livecd and
finally simply copying that entry into the locked out system shadow
file ?

Sure but this involves bringing the system down. If you don't allow the three fingered salute on the console to reboot or halt the system then it involves bringing the system down badly. If we are talking of a production system this is a _very bad thing_ even after hours.


Robert Brockway B.Sc.		Phone:	+1-416-669-3073
Senior Technical Consultant	Email:	support@opentrend.net
OpenTrend Solutions Ltd.	Web:	www.opentrend.net
We are open 24x365 for technical support.  Call us in a crisis.

Reply to: