Subject: Re: require root passwd for single user mode login?
From: Radar O'Reilly (nathan.willard@yale.edu)
Date: Wed Aug 30 2000 - 07:16:31 MDT
On Wed, 30 Aug 2000, pangaea wrote:
> > I say its better to start with security tight and let a knowledgeable
> > sysadmin loosen it up if need be.
>
> I must agree with this. I'd rather learn why I can't do something, then
> change it, than have to search through log after log to figure out how and
> where someone got access to my machine.
I'll come down on the other side.
There are a limited number of situations in which console access should not
allow one to root the machine. For most beginning users, especially, the
cleverer ways of getting around a forgotten root password will likely be
nonobvious. People for whom it IS a concern are exactly those people aware of
the consequences and possibilities, and should therefore be expected to have a
slightly higher knowledge base. We aren't talking about having sendmail enabled
by default here; there's no remote insecurity.
I know that I was exceedingly grateful to be able to boot into linux
single-user mode without the root password when I got drunk one night and
changed it, with no memory the next day of the password I'd chosen. =)
Before that, I hadn't even known how to boot into single-user mode.
And this wasn't the first unix box I've administered.
An install-time option might make sense, though.
__________/| Nathan "Radar" Willard MC '00 | "A Sucking Chest Wound is
(_|__|_____\|________ PO Box 203927 | nature's way of telling
|_|_____________)- New Haven, CT 06520 | you to slow down."
This archive was generated by hypermail 2a24 : Wed Aug 30 2000 - 07:21:50 MDT