From owner-freebsd-isp Tue Jan 8 16:49: 3 2002 Delivered-To: freebsd-isp@freebsd.org Received: from bigglesworth.mail.be.easynet.net (bigglesworth.mail.be.easynet.net [212.100.160.67]) by hub.freebsd.org (Postfix) with ESMTP id 07BC137B416 for ; Tue, 8 Jan 2002 16:49:00 -0800 (PST) Received: from 213-193-182-62.adsl.easynet.be ([213.193.182.62] helo=krijt.dyn.dhs.org) by bigglesworth.mail.be.easynet.net with esmtp (Exim 3.16 #1) id 16O6vF-0004HP-00 for freebsd-isp@freebsd.org; Wed, 09 Jan 2002 01:48:53 +0100 Received: (from wim@localhost) by krijt.dyn.dhs.org (8.11.3/8.11.3) id g090nEV63967 for freebsd-isp@freebsd.org; Wed, 9 Jan 2002 01:49:14 +0100 (CET) (envelope-from wim) Date: Wed, 9 Jan 2002 01:49:13 +0100 From: Wim Livens To: freebsd-isp@freebsd.org Subject: root without password ? Message-ID: <20020109004913.GB54233@krijt.livens.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.24i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have a backoffice multiuser system with "friendly" users, most of which need root access quite often. In order not having them to type the root password all the time when doing su, I thought of using a passwordless root account. Would that be a stupid thing to do (security-wise) if the following conditions are met: - only users that need root access belong to the wheel group - you can't login as root directly via telnet (default settings) - you can't login as root via ftp (default settings) - no other services are enabled in inetd.conf regards, -- Wim Livens. C o l t B e l g i u m "In a world without walls and fences, who needs windows and gates?" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message