Date: Tue, 8 Jan 2002 21:30:30 -0500 From: "Eric L. Howard" <elh@outreachnetworks.com> To: freebsd-isp@FreeBSD.ORG Subject: Re: root without password ? Message-ID: <20020108213030.A2768@outreachnetworks.com> In-Reply-To: <20020109004913.GB54233@krijt.livens.net>; from wim@livens.net on Wed, Jan 09, 2002 at 01:49:13AM %2B0100 References: <20020109004913.GB54233@krijt.livens.net>
next in thread | previous in thread | raw e-mail | index | archive | help
At a certain time, now past, Wim Livens spake thusly:
>
> I have a backoffice multiuser system with "friendly" users, most of
> which need root access quite often.
>
> In order not having them to type the root password all the time when
> doing su, I thought of using a passwordless root account.
>
> Would that be a stupid thing to do (security-wise) if the following
> conditions are met:
>
> - only users that need root access belong to the wheel group
> - you can't login as root directly via telnet (default settings)
> - you can't login as root via ftp (default settings)
> - no other services are enabled in inetd.conf
Bad idea....IMO. My man page from sudo says...
--------8<--snip--------
Once a user has been authenticated, a timestamp is updated and the user
may then use sudo without a password for a short period of time (five
minutes by default).
--------8<--snip--------
You should be able to make something work with that...
~elh
--
Eric L. Howard e l h @ o u t r e a c h n e t w o r k s . c o m
------------------------------------------------------------------------
www.OutreachNetworks.com 313.297.9900
------------------------------------------------------------------------
Advocate of the Theocratic Rule
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020108213030.A2768>