From owner-freebsd-isp Tue Jan 8 18:30:41 2002 Delivered-To: freebsd-isp@freebsd.org Received: from proverbs.outreachnetworks.com (proverbs.outreachnetworks.com [65.196.249.4]) by hub.freebsd.org (Postfix) with SMTP id 120EF37B420 for ; Tue, 8 Jan 2002 18:30:30 -0800 (PST) Received: (qmail 48823 invoked from network); 9 Jan 2002 02:30:30 -0000 Received: from unknown (HELO phoncella.outreachnetworks.com) (64.108.58.104) by proverbs.outreachnetworks.com with SMTP; 9 Jan 2002 02:30:30 -0000 Received: (from elh@localhost) by phoncella.outreachnetworks.com (8.11.6/8.11.6) id g092UU003325 for freebsd-isp@FreeBSD.ORG; Tue, 8 Jan 2002 21:30:30 -0500 X-Authentication-Warning: phoncella.outreachnetworks.com: elh set sender to elh@outreachnetworks.com using -f Date: Tue, 8 Jan 2002 21:30:30 -0500 From: "Eric L. Howard" To: freebsd-isp@FreeBSD.ORG Subject: Re: root without password ? Message-ID: <20020108213030.A2768@outreachnetworks.com> Mail-Followup-To: freebsd-isp@FreeBSD.ORG References: <20020109004913.GB54233@krijt.livens.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020109004913.GB54233@krijt.livens.net>; from wim@livens.net on Wed, Jan 09, 2002 at 01:49:13AM +0100 Favorite-Scripture: Romans 8:18 Theocratic-Rule-Advocate: http://www.crossmovement.com Registered-Secret-Agent: Agent Double-Naught Seven Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At a certain time, now past, Wim Livens spake thusly: > > I have a backoffice multiuser system with "friendly" users, most of > which need root access quite often. > > In order not having them to type the root password all the time when > doing su, I thought of using a passwordless root account. > > Would that be a stupid thing to do (security-wise) if the following > conditions are met: > > - only users that need root access belong to the wheel group > - you can't login as root directly via telnet (default settings) > - you can't login as root via ftp (default settings) > - no other services are enabled in inetd.conf Bad idea....IMO. My man page from sudo says... --------8<--snip-------- Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (five minutes by default). --------8<--snip-------- You should be able to make something work with that... ~elh -- Eric L. Howard e l h @ o u t r e a c h n e t w o r k s . c o m ------------------------------------------------------------------------ www.OutreachNetworks.com 313.297.9900 ------------------------------------------------------------------------ Advocate of the Theocratic Rule To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message