Re: [users]Re: Linux Vs Windows in security (II)
- From: Karl Auer <kauer@xxxxxxxxxxxxxx>
- Date: Wed, 29 Aug 2007 22:40:39 +1000
>> NO - You can't change the root password if you don't know the root
>> password. You CAN however, IF you DO.
> Well, either you or me are mistaken.
> 'cause anyone who has access to sudo, can change the root pass, EVEN without knowing it.
You are right. root can change any password, including its own, without
having to provide the old password.
Some sites don't let sudo run passwd for that reason, but there are
dozens of ways round that. You can't block every editor either, there
are too many of them.
The cure is old-fashioned - give specific sudo access to specific users
or groups for specific programs, only as needed and make the default
sudo access nothing. Don't provide sudo access to anything that could
conceivably be used to escalate privileges - that means anything that
can modify a user-specified file on disk. And keep the members of admin
to a minimum - ideally just one.
Karl Auer (kauer@xxxxxxxxxxxxxx) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
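
Added example, not part of the original message: a small audit that checks sudoers-style rules against the advice in the message above (default access nothing, no passwd, nothing that can modify a user-specified file). The sample policy, the program lists and the audit() function are constructed for illustration; aliases and include files are not expanded.

```python
import os
import re

# Constructed sample policy for the demonstration (not from the original post).
SAMPLE_SUDOERS = """\
Defaults env_reset
%admin  ALL=(ALL) ALL
alice   ALL=(root) /usr/bin/passwd
bob     ALL=(root) /usr/bin/vim /etc/hosts
carol   ALL=(root) /usr/sbin/service apache2 restart
dave    ALL=(root) NOPASSWD: /usr/bin/tee, /usr/bin/systemctl restart nginx
"""

# Illustrative, deliberately short lists; a real review needs a fuller inventory.
EDITORS = {"vi", "vim", "nano", "emacs", "ed"}   # can open and save other files
WRITERS = {"tee", "cp", "mv", "dd"}              # write to a path given as argument

SPEC = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")          # NOPASSWD:, NOEXEC:, ...

def audit(text):
    """Return (who, command, reason) for every grant that breaks the advice."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        first = line.split()[0]
        if first.startswith("Defaults") or first.endswith("_Alias"):
            continue                              # settings and alias definitions
        m = SPEC.match(line)
        if not m:
            continue
        who, cmds = m.groups()
        for cmd in cmds.split(","):
            cmd = TAGS.sub("", cmd.strip())
            if not cmd or cmd.startswith("!"):
                continue                          # negated entries grant nothing
            argv = cmd.split()
            prog, pinned = os.path.basename(argv[0]), len(argv) > 1
            if cmd == "ALL":
                reason = "default access is everything, not nothing"
            elif prog == "passwd" and not pinned:
                reason = "can set any account's password, root's included"
            elif prog in EDITORS or (prog in WRITERS and not pinned):
                reason = "can modify a user-specified file on disk"
            else:
                continue
            findings.append((who, cmd, reason))
    return findings

if __name__ == "__main__":
    for who, cmd, reason in audit(SAMPLE_SUDOERS):
        print(f"{who:8} {cmd:24} {reason}")
```

Only carol's rule and dave's systemctl entry pass: each names one program with its arguments fixed, so the caller cannot choose what gets written.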