From owner-freebsd-isp Thu Jan 24 6:53:44 2002 Delivered-To: freebsd-isp@freebsd.org Received: from picard.dyn.newmillennium.net.au (CPE-61-9-173-144.vic.bigpond.net.au [61.9.173.144]) by hub.freebsd.org (Postfix) with ESMTP id 6CFAC37B404 for ; Thu, 24 Jan 2002 06:53:33 -0800 (PST) Received: (from root@localhost) by picard.dyn.newmillennium.net.au (8.11.6/8.11.4) id g0OEpbw88785 for freebsd-isp@freebsd.org; Thu, 24 Jan 2002 22:51:37 +0800 (WST) (envelope-from deece@newmillennium.net.au) Received: from spock (dhcp-191.internal [192.168.0.191]) by picard.dyn.newmillennium.net.au (8.11.6/8.9.3) with SMTP id g0OEpXj88697; Thu, 24 Jan 2002 22:51:35 +0800 (WST) Message-ID: <005101c1a4e7$a5f545c0$bf00a8c0@internal> From: "Alastair D'Silva" To: "Wim Livens" , References: <20020109004913.GB54233@krijt.livens.net> Subject: Re: root without password ? Date: Thu, 24 Jan 2002 22:58:55 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 X-scanner: scanned by Inflex 0.1.5c - (http://www.inflex.co.za/) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You should have a look at /usr/ports/security/sudo If they only need to do a few things, you can allow only those commands via sudo (which uses their own password), without having to give them full root access. -- Alastair D'Silva B. Sc. mob: 0413 485 733 Networking Consultant ph: (08) 9345 5223 New Millennium Networking http://www.newmillennium.net.au ----- Original Message ----- From: "Wim Livens" To: Sent: Wednesday, January 09, 2002 8:49 AM Subject: root without password ? > > I have a backoffice multiuser system with "friendly" users, most of > which need root access quite often. > > In order not having them to type the root password all the time when > doing su, I thought of using a passwordless root account. > > Would that be a stupid thing to do (security-wise) if the following > conditions are met: > > - only users that need root access belong to the wheel group > - you can't login as root directly via telnet (default settings) > - you can't login as root via ftp (default settings) > - no other services are enabled in inetd.conf > > regards, > > -- > Wim Livens. > C o l t B e l g i u m > "In a world without walls and fences, who needs windows and gates?" > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message