Re: root password and su (maybe)

From: Kelerion (kelerion_at_thenewmatrix.net)
Date: 09/11/03

  • Next message: Jason Dixon: "Re: root password and su (maybe)" 
    To: redhat-list@redhat.com
Date: Thu, 11 Sep 2003 15:03:36 +0100

    small world.. you must know my boss.. a) describes him perfectly!! :)

    whats even more ironic.. is when I approached him about this.. he said
    "but changing the password on a regular basis sounds like a good idea
    for security.." my response "yeah.. and it's also a royal pain in the
    arse when you forget what you set it to".. his response.. "ok.. if its
    that much of a problem.. I'll just write them down on post-it's and keep
    the current password stuck to my monitor.. then you'll always know what
    it is"..

    so will every other person in the office...so much for security concerns...

    Kel.

    Jason Dixon wrote:

    > On Thu, 2003-09-11 at 07:43, Ed Wilts wrote:
    >
    >>On Thu, Sep 11, 2003 at 07:09:43AM -0400, Jason Dixon wrote:
    >>
    >>>This is what sudo is for. If he insists on having root, but can't
    >>>remember root's password, just give him the ability to escalate his
    >>>permissions. If he doesn't want to enter extra passwords, and you're ok
    >>>with it, add the following to your /etc/sudoers file (assuming you've
    >>>installed the sudo package):
    >>>
    >>>username ALL=(ALL) NOPASSWD: ALL
    >>
    >>I used to like the idea of NOPASSWD on the sudo option but have since
    >>come to realize how unsecure this really is. If you're going to run
    >>with a password-less sudoers file, you may as well run as root. A nasty
    >>script could easily do something like "sudo /bin/rm /" and you'd be
    >>dead.
    >
    >
    > Excuse my French, but "no ***". If you'd have read further down, you'd
    > have noticed my claim that I would never personally do this on any of
    > *my* systems, but it sounds appropriate for this guy's usage. He has a
    > boss that a) probably can't be trusted not to screw stuff up, since b)
    > he keeps changing the root password and forgetting it. If he has root,
    > he can just as easily "rm -rf /" (note that your command wouldn't do
    > much damage) and kill systems.
    > 

    -- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
  • Next message: Jason Dixon: "Re: root password and su (maybe)"