Date: Tue, 8 Jan 2002 20:11:12 -0500 From: dave@hawk-systems.com (Dave) To: <freebsd-isp@FreeBSD.ORG> Subject: RE: root without password ? Message-ID: <DBEIKNMKGOBGNDHAAKGNAEPLLFAA.dave@hawk-systems.com> In-Reply-To: <20020109004913.GB54233@krijt.livens.net>
next in thread | previous in thread | raw e-mail | index | archive | help
personally it raises warning flags with me... my first instinct would be if you want to do this, then set up ssh access only and/or restrict access based on encryption keys or IP address. Any of these users saving a password on a desktop or something could comprimise the system... perhaps I am being too paranoid though. Dave >-----Original Message----- >From: owner-freebsd-isp@FreeBSD.ORG >[mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Wim Livens >Sent: Tuesday, January 08, 2002 7:49 PM >To: freebsd-isp@FreeBSD.ORG >Subject: root without password ? > > > >I have a backoffice multiuser system with "friendly" users, most of >which need root access quite often. > >In order not having them to type the root password all the time when >doing su, I thought of using a passwordless root account. > >Would that be a stupid thing to do (security-wise) if the following >conditions are met: > >- only users that need root access belong to the wheel group >- you can't login as root directly via telnet (default settings) >- you can't login as root via ftp (default settings) >- no other services are enabled in inetd.conf > >regards, > >-- >Wim Livens. >C o l t B e l g i u m >"In a world without walls and fences, who needs windows and gates?" > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DBEIKNMKGOBGNDHAAKGNAEPLLFAA.dave>