Date: Thu, 24 Jan 2002 22:58:55 +0800 From: "Alastair D'Silva" <deece@newmillennium.net.au> To: "Wim Livens" <wim@livens.net>, <freebsd-isp@freebsd.org> Subject: Re: root without password ? Message-ID: <005101c1a4e7$a5f545c0$bf00a8c0@internal> References: <20020109004913.GB54233@krijt.livens.net>
next in thread | previous in thread | raw e-mail | index | archive | help
You should have a look at /usr/ports/security/sudo If they only need to do a few things, you can allow only those commands via sudo (which uses their own password), without having to give them full root access. -- Alastair D'Silva B. Sc. mob: 0413 485 733 Networking Consultant ph: (08) 9345 5223 New Millennium Networking http://www.newmillennium.net.au ----- Original Message ----- From: "Wim Livens" <wim@livens.net> To: <freebsd-isp@FreeBSD.ORG> Sent: Wednesday, January 09, 2002 8:49 AM Subject: root without password ? > > I have a backoffice multiuser system with "friendly" users, most of > which need root access quite often. > > In order not having them to type the root password all the time when > doing su, I thought of using a passwordless root account. > > Would that be a stupid thing to do (security-wise) if the following > conditions are met: > > - only users that need root access belong to the wheel group > - you can't login as root directly via telnet (default settings) > - you can't login as root via ftp (default settings) > - no other services are enabled in inetd.conf > > regards, > > -- > Wim Livens. > C o l t B e l g i u m > "In a world without walls and fences, who needs windows and gates?" > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?005101c1a4e7$a5f545c0$bf00a8c0>