Re: How to gain control over the system?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, Jul 12, 2017 at 08:30:12AM -0400, RavenLX wrote:
[...]
> To remove the root password so root can't log in again:
>
> sudo passwd -l root
I've been following this back-and-forth for a while. Yes, I think it's
a good idea to use the root account as little as possible. Myself, I
use sudo in the overwhelming majority of cases.
But I learnt the hard way that sometimes it's a good idea to keep a
root account (with a corresponding password!) around.
When the system boots and the root file system is corrupt (or a
similar early-boot problem happens), you find yourself staring at
a message more or less looking like that:
Please enter your root password to start a rescue shell:
(message is from memory, but you get the -uh- message).
This was shortly after Debian convinced me that having a root password
is The Evil Itself.
Duh.
I'm wiser now.
(Yah, there is a workaround for that: a rescue disk, and that's how
I got myself out of that, but hey).
Of course: no remote login as root (sshd_config). Use sudo in normal
life (it's more comfortable, anyway). All that. Use a hard-to-guess
root password (pwgen -n 16, for me).
But. A root password doesn't make your system more insecure (unless
it opens up one more remote access). And sometimes, just sometimes
you wish you had one :-)
Cheers
- -- t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAllmIlkACgkQBcgs9XrR2kbbrQCeMEk2yo4l//4fQ6EmfVKZdCI8
NO8An3h/C2QqwlJU77AjzwDo0y5eRQYe
=dq9G
-----END PGP SIGNATURE-----
Reply to: