A *really* secure machine will have a root password that doesn't work
Can neone explain the meaning of this to me? Sankha
Dear Sankha Subhra Som
Since in practical situations, the root password is often shared between 2 or more administrators. Hence to enforce control, root is restricted from logging in directly to the machine completely.
That means that the ideal security configuration is that root is restricted from logging in to the machine remotely and locally. All administrators should log in to the machine using unprivileged accounts and su to root. Thus the sulog will reflect which administrator has logged in and su'ed to the root account.
- Shankar ----- Original Message ----- From: "Sankha Subhra Som" sankha@atc.tcs.co.in To: linuxers@mm.ilug-bom.org.in Sent: Monday, October 21, 2002 2:37 PM Subject: [ILUG-BOM] a secure machine has a root password that doesnt work
A *really* secure machine will have a root password that doesn't work
Can neone explain the meaning of this to me? Sankha -- SANKHA SUBHRA SOM ATC - BIOINFORMATICS TCS KLK BUILDING. HYDERABAD-1 Ph:(040)6787980-1024
An anonymous digitoid
I never resist temptation, because I have found that things that are bad
for
me do not tempt me.
On Tue, 22 Oct 2002, Shankar Ramchandran wrote:
That means that the ideal security configuration is that root is restricted from logging in to the machine remotely and locally. All administrators should log in to the machine using unprivileged accounts and su to root. Thus the sulog will reflect which administrator has logged in and su'ed to the root account.
And having a root password that doesn't work does that how? If the root password doesn't work, then you cannot even su to root.
I think the original statement may have been wrong. The root password needs to work, it should however only be allowed from local terminals. In case of booting in single user mode, or if other user accounts become unusable, this is the only way of getting access to the machine.
----- Original Message ----- From: "Philip S Tellis" philip@konark.ncst.ernet.in To: linuxers@mm.ilug-bom.org.in\
And having a root password that doesn't work does that how? If the root password doesn't work, then you cannot even su to root.
I think the original statement may have been wrong.
True...but i belive that what the statement intended to convey was that root not be allowed to login directly to the box.
- Shankar
-
Philip S Tellis -
Sankha Subhra Som -
Shankar Ramchandran