From owner-freebsd-isp Tue Jan 8 17: 6:44 2002
Delivered-To: freebsd-isp@freebsd.org
Received: from hawk-systems.com (hawk-systems.com [161.58.152.235])
    by hub.freebsd.org (Postfix) with ESMTP id 83AA137B421
    for ; Tue, 8 Jan 2002 17:06:35 -0800 (PST)
Received: from cr159591a (CPE00a00cc12af5.cpe.net.cable.rogers.com [24.102.18.54])
    by hawk-systems.com (8.11.6) id g0916RK96134
    for ; Tue, 8 Jan 2002 18:06:29 -0700 (MST)
From: dave@hawk-systems.com (Dave)
To:
Subject: RE: root without password ?
Date: Tue, 8 Jan 2002 20:11:12 -0500
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <20020109004913.GB54233@krijt.livens.net>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Personally it raises warning flags with me... my first instinct would be
if you want to do this, then set up ssh access only and/or restrict access
based on encryption keys or IP address. Any of these users saving a
password on a desktop or something could compromise the system... perhaps
I am being too paranoid though.

Dave

>-----Original Message-----
>From: owner-freebsd-isp@FreeBSD.ORG
>[mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Wim Livens
>Sent: Tuesday, January 08, 2002 7:49 PM
>To: freebsd-isp@FreeBSD.ORG
>Subject: root without password ?
>
>
>
>I have a backoffice multiuser system with "friendly" users, most of
>which need root access quite often.
>
>In order not to have them type the root password all the time when
>doing su, I thought of using a passwordless root account.
>
>Would that be a stupid thing to do (security-wise) if the following
>conditions are met:
>
>- only users that need root access belong to the wheel group
>- you can't login as root directly via telnet (default settings)
>- you can't login as root via ftp (default settings)
>- no other services are enabled in inetd.conf
>
>regards,
>
>--
>Wim Livens.
>C o l t B e l g i u m
>"In a world without walls and fences, who needs windows and gates?"
>
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message
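
The four conditions listed in the quoted message can be checked mechanically. The script below is an added example, not part of the thread: it audits copies of the group, ttys, ftpusers and inetd.conf files. The function names are hypothetical and the sample file contents are constructed (two of the four conditions fail in the sample on purpose).

```shell
#!/bin/sh
# Added example (not from the thread): check the four conditions listed in
# the quoted message against copies of the relevant FreeBSD files.

# group(5): print the member list of wheel, the users who may su to root.
wheel_members() { awk -F: '$1 == "wheel" { print $4 }' "$1"; }

# ttys(5): count network (telnet/pty) terminals marked "secure"; root may
# log in directly only on terminals carrying that flag.
secure_network_ttys() {
    awk '$1 ~ /^#/ { next }
         { net = 0; sec = 0
           for (i = 2; i <= NF; i++) { if ($i == "network") net = 1
                                       if ($i == "secure") sec = 1 }
           if (net && sec) n++ }
         END { print n + 0 }' "$1"
}

# ftpusers: succeeds when root is listed, i.e. ftpd refuses root logins.
root_denied_ftp() { grep -qx 'root' "$1"; }

# inetd.conf: count enabled services (lines neither blank nor commented out).
enabled_inetd_services() {
    awk 'NF && $1 !~ /^#/ { n++ } END { print n + 0 }' "$1"
}

# Write constructed sample files into directory $1 (all contents invented).
write_samples() {
    printf 'wheel:*:0:root,alice,bob\nstaff:*:20:carol\n' > "$1/group"
    printf 'ttyv0 "/usr/libexec/getty Pc" cons25 on secure\nttyp0 none network\nttyp1 none network secure\n' > "$1/ttys"
    printf '# users denied ftp\nroot\ntoor\n' > "$1/ftpusers"
    printf '#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l\ntelnet stream tcp nowait root /usr/libexec/telnetd telnetd\n' > "$1/inetd.conf"
}

# Print one line per condition for the files in directory $1.
audit() {
    echo "wheel members: $(wheel_members "$1/group")"
    echo "network ttys allowing root login: $(secure_network_ttys "$1/ttys")"
    if root_denied_ftp "$1/ftpusers"; then echo "ftp root login: denied"
    else echo "ftp root login: ALLOWED"; fi
    echo "enabled inetd services: $(enabled_inetd_services "$1/inetd.conf")"
}

dir=$(mktemp -d) && write_samples "$dir" && audit "$dir" && rm -rf "$dir"
```

To audit a live host, copy /etc/group, /etc/ttys, /etc/ftpusers and /etc/inetd.conf into one directory and pass that directory to `audit`.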