Re: to allow root logins or not?

To: debian-user@lists.debian.org
Subject: Re: to allow root logins or not?
From: Bob McGowan <bob_mcgowan@symantec.com>
Date: Mon, 23 Apr 2007 09:47:07 -0700
Message-id: <[🔎] 462CE30B.5030401@symantec.com>
In-reply-to: <[🔎] 1177126388.8856.67.camel@princess.gregfolkert.net>
References: <[🔎] 1177102431.3090.36.camel@dogen.gateway.2wire.net> <[🔎] 1177126388.8856.67.camel@princess.gregfolkert.net>

Greg Folkert wrote:

On Fri, 2007-04-20 at 15:53 -0500, Default User wrote:

Gee, I hate to ask another question, but -

During an Etch install, it asks if I want to allow root logins.  If not,
no root account is set up (I guess as a security measure), and all admin
access is done by sudo.  Now I normally do almost all admin work as
sudo, but is there a downside to not having an actual root account.
That is, might there be instances when something really should (or must)
be done in a real root account (not sudo), and with no root account, the

user is "hung up"?


Not recommended, but possible:

        sudo su -

or if X is needed:

        sudo sux -

Make sure you "sudo aptitude install sux" for the second one.

As I understand the OP's question/statement, the question in the installappears to be whether to create the 'account' for root or not. Itapparently does not say it will create an account without login privileges.

Since both 'su' and 'sudo' commands require an account for validation ofthe user name and determination of privilege, I would assume the rootaccount is in fact created but with a shell such as '/bin/false' or withan 'impossible' password, so as to prevent logging in while stillallowing use of either 'su' or 'sudo'.

This would effectively prevent login to single user mode via 'sulogin',since it requires a password.

In those cases where the startup process drops a user into a root levelshell without prompting for a password (this can happen very early inthe boot sequence, for example if an fsck of / fails and the disk isunreadable), all would be well.

Given that sometimes root level access is required through 'single user'mode, I'd strongly encourage allowing root login. Just be sure to use avery good password and don't abuse the privilege of being root.

If you really want to not have root login, you would need to have arescue CD or equivalent method of booting the system, to fix anythingthat couldn't be handled by a normal startup from the boot hard disk.Though these may be quite rare, they can happen.

Bob

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply to:

References:
- to allow root logins or not?
  - From: Default User <xyzzyx@sbcglobal.net>
- Re: to allow root logins or not?
  - From: Greg Folkert <greg@gregfolkert.net>

Prev by Date: Re: Unable to recompile kernel and/or rt61 since upgrade
Next by Date: Re: Help with NTFS & FAT32
Previous by thread: Re: to allow root logins or not?
Next by thread: Re: to allow root logins or not?
Index(es):
- Date
- Thread