Date: Fri, 27 Jun 1997 18:02:57 +0100 From: Martijn Koster <mak@webcrawler.com> To: Nathan Dorfman <nathan@senate.org> Cc: Roger P Johnson <hirsh@skypoint.com>, freebsd-questions@FreeBSD.ORG Subject: Re: su and not prompt for password? howto in 2.2.2 Message-ID: <19970627180257.39440@webcrawler.com> In-Reply-To: <199706271516.LAA04402@limbo.senate.org>; from Nathan Dorfman on Fri, Jun 27, 1997 at 11:16:11AM -0400 References: <m0whcIU-00010FC@mirage.skypoint.com> <199706271516.LAA04402@limbo.senate.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jun 27, 1997 at 11:16:11AM -0400, Nathan Dorfman wrote: > If all root logins are disabled, and only wheel can su to root > (let's assume that everyone in wheel would know the root password > anyway) is it safe then to operate without a root password? Not when someone goes to for lunch and doesn't log out... sudo times your password out, reducing that risk. And it logs usage. And you can restrict the root ability to only those operations that someone needs it for. Also, if you don't have a password, a trojan horse could do an su, and you're in trouble. If you're forced to type a password, you give explicit approval. Finally, the only reason not to have a password is for people to lazy to type it. You should set things up so they don't have to be root in the first place, avoiding the whole problem... IMHO and all that... -- Martijn Koster
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970627180257.39440>