From owner-freebsd-questions Wed May 2 8:27:37 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from chmod.ath.cx (CC2-861.charter-stl.com [24.217.115.99])
    by hub.freebsd.org (Postfix) with ESMTP id D06BD37B422
    for ; Wed, 2 May 2001 08:27:33 -0700 (PDT)
    (envelope-from ajh3@chmod.ath.cx)
Received: by chmod.ath.cx (Postfix, from userid 1001)
    id 62FBDA876; Wed, 2 May 2001 10:26:34 -0500 (CDT)
Date: Wed, 2 May 2001 10:26:34 -0500
From: Andrew Hesford
To: John Congdon
Cc: "'freebsd-questions@freebsd.org'"
Subject: Re: Disabling The Root Account
Message-ID: <20010502102634.A35253@cec.wustl.edu>
References: <71E79DA61328D311B4D10020AFF78E4218DBEE@bdc.orlando.tradeweb.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <71E79DA61328D311B4D10020AFF78E4218DBEE@bdc.orlando.tradeweb.net>; from john@tradeweb.net on Wed, May 02, 2001 at 10:49:00AM -0400
X-Loop: Andrew Hesford
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, May 02, 2001 at 10:49:00AM -0400, John Congdon wrote:
> I am considering changing root's shell to /bin/false or the like.
> And doing everything via sudo.
>
> Does anyone have any insight into this? Is it not advisable to do this?

No, it is not advised that you do this.

First, sudo is a pain in the ass if you want to do a lot of things. For instance, say you want to build a bunch of different ports, or you want to keep mounting and unmounting a filesystem (like you are creating a PicoBSD disk, and you keep needing to tweak little things, then testing them, and altering them).

Second, what if something happens to your sudo binary? Then you are locked out of the system until you reboot into single-user mode and fix things. Of course, not that it's too much of a concern, but if something happens to sudo, you can't even reboot cleanly.

The third major concern is security. If you sudo everything, you have two options. You can neglect to ever ask for a password with sudo, or you are required to give your own password. Either way, if some cracker manages to grab your user password, he now has access not only to your data, but root access to anything on the machine. With a root user, the cracker has two passwords to guess if he wants to change anything critical. This is harder.

And if you're like me, you keep your passwords very easy to remember, but almost impossible to guess. My passwords have letters, numbers and punctuation, and have absolutely nothing to do with anything that anybody would ever think of. And yet there is no way I will ever forget them. I left crack running on my password file for half a week, and it made absolutely no progress on the two passwords I have on my system. In the end, however long it takes to crack one password, it takes about twice as long to crack two. For a home site, this is often too much trouble for crackers to go through.

If you ask me, disabling the root account is a foolish thing to do. In fact, you can tell it's a foolish thing, because it is what Apple does (and even encourages people NOT to change) with Mac OS X. I see absolutely no advantage, and some big disadvantages.

By the way--don't use /bin/false for disabling logins. This is better handled by /sbin/nologin, which prints a nice message and exits nonzero.

--
Andrew Hesford
ajh3@chmod.ath.cx

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
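
The thread turns on which shell root is given and on /bin/false versus /sbin/nologin for disabling logins. The script below is an added example, not part of the original message: it audits a passwd(5)-format file and reports every UID 0 account together with any account disabled with /bin/false. The function names `audit_shells` and `make_sample` and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd(5)-format file for how logins are disabled.
# Field 3 is the UID, field 7 is the login shell.

# audit_shells [FILE]   (reads stdin when FILE is omitted)
# Prints one finding per line as "<tag> <user> <shell>":
#   ROOT-LOGIN   UID 0 account with a usable login shell
#   ROOT-LOCKED  UID 0 account whose shell refuses logins
#   USE-NOLOGIN  account disabled with a "false" shell instead of nologin
audit_shells() {
    awk -F: '
        /^#/ || NF < 7 { next }      # skip comments and malformed lines
        {
            user = $1; uid = $3; shell = $7
            refuses = (shell ~ /\/nologin$/ || shell ~ /\/false$/)
            if (uid == 0) {
                # Every UID 0 entry is reported, not only the one named root.
                tag = refuses ? "ROOT-LOCKED" : "ROOT-LOGIN"
                print tag, user, shell
            }
            if (shell ~ /\/false$/)
                print "USE-NOLOGIN", user, shell
        }
    ' "${1:--}"
}

# Constructed sample input (not taken from a real system).
make_sample() {
    cat <<'EOF'
# constructed passwd sample
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:/bin/false
daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
ftpuser:*:1001:1001:FTP only:/home/ftpuser:/bin/false
jdoe:*:1002:1002:J Doe:/home/jdoe:/bin/sh
EOF
}

# Demonstration run on the constructed sample.
make_sample | audit_shells
```

On a live system, run it as `audit_shells /etc/passwd`; it only reads the file and changes nothing.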