Re: [root user] How to disable root account?
From: Maxim Vexler (hq4ever_at_gmail.com)
Date: Fri, 25 Nov 2005 13:33:34 +0200
To: Robert Brockway <email@example.com>
On 11/25/05, Robert Brockway <firstname.lastname@example.org> wrote:
> On Thu, 24 Nov 2005, Björn Lindström wrote:
> > passwd -l simply sets the password to a value matching no
> > passwords. sudo works by running SUID root, and so does not depend on a
> > root password in any way.
> Actually that depends on how sudo is configured. In some configurations
> sudo does depend on the root password (rather than the user a/c password)
> for authentication.
> Anyone wanting to lock the root account (not a good idea IMHO) should have
> a root enabled session (sudo, su or whatever) put to the side and not
> touched during the procedure. This session would be used only to reverse
> the procedure if it was found that establishing superuser privs was no
> longer possible in new sessions.
> Robert Brockway B.Sc. Phone: +1-416-669-3073
> Senior Technical Consultant Email: email@example.com
> OpenTrend Solutions Ltd. Web: www.opentrend.net
> We are open 24x365 for technical support. Call us in a crisis.
In the worst case, couldn't someone just boot from a livecd, run
[passwd root], then [cat /etc/shadow | grep root] on the livecd and
finally simply copy that entry into the locked-out system shadow
-- Cheers, Maxim Vexler (hq4ever). Do u GNU ?
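
The two points in the quoted replies above (a locked root entry matches no password, and some sudo configurations authenticate against the root password) can be checked before running `passwd -l root`. This is an added example, not part of the original thread; `rootpw`, `targetpw` and `runaspw` are real sudoers `Defaults` flags, while the file names and sample contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All sample data below is constructed, not from a real host.

# Print each sudoers Defaults flag that makes sudo ask for a password other
# than the invoking user's: rootpw, targetpw, runaspw. Negated forms such as
# "!rootpw" are ignored. Does not follow #include / #includedir files.
sudo_pw_flags() {
    awk '/^[ \t]*Defaults/ {
        sub(/#.*/, "")                      # drop trailing comment
        n = split($0, tok, /[ \t,]+/)
        for (i = 1; i <= n; i++)
            if (tok[i] ~ /^(rootpw|targetpw|runaspw)$/) print tok[i]
    }' "$1"
}

# Succeed if root's password field in a shadow-format file starts with
# "!" or "*", i.e. no typed password can match it (the state passwd -l leaves).
root_is_locked() {
    field=$(awk -F: '$1 == "root" { print $2 }' "$1")
    case $field in
        '!'*|'*'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only when sudo does not depend on the root password.
safe_to_lock_root() {
    [ -z "$(sudo_pw_flags "$1")" ]
}

# --- constructed sample files ---
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'Defaults env_reset' 'Defaults !rootpw' \
    '%admin ALL=(ALL) ALL' > "$demo/sudoers.userpw"
printf '%s\n' 'Defaults env_reset, rootpw  # ask for root password' \
    '%admin ALL=(ALL) ALL' > "$demo/sudoers.rootpw"
printf '%s\n' 'root:!$1$CONSTRUCTED$notarealhash:13112:0:99999:7:::' \
    > "$demo/shadow.locked"
printf '%s\n' 'root:$1$CONSTRUCTED$notarealhash:13112:0:99999:7:::' \
    > "$demo/shadow.open"

for f in "$demo/sudoers.userpw" "$demo/sudoers.rootpw"; do
    if safe_to_lock_root "$f"; then
        echo "$f: sudo uses the invoking user's password"
    else
        echo "$f: sudo depends on: $(sudo_pw_flags "$f")"
    fi
done
```

On a real system the functions would be pointed at `/etc/sudoers` and `/etc/shadow` as root, with the spare root session described above kept open.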