From owner-freebsd-questions Fri Jun 27 10:05:02 1997
Message-ID: <19970627180257.39440@webcrawler.com>
Date: Fri, 27 Jun 1997 18:02:57 +0100
From: Martijn Koster
To: Nathan Dorfman
Cc: Roger P Johnson, freebsd-questions@FreeBSD.ORG
Subject: Re: su and not prompt for password? howto in 2.2.2
References: <199706271516.LAA04402@limbo.senate.org>
In-Reply-To: <199706271516.LAA04402@limbo.senate.org>; from Nathan Dorfman on Fri, Jun 27, 1997 at 11:16:11AM -0400

On Fri, Jun 27, 1997 at 11:16:11AM -0400, Nathan Dorfman wrote:

> If all root logins are disabled, and only wheel can su to root
> (let's assume that everyone in wheel would know the root password
> anyway) is it safe then to operate without a root password?

Not when someone goes for lunch and doesn't log out... sudo times your password out, reducing that risk. And it logs usage. And you can restrict the root ability to only those operations that someone needs it for.

Also, if you don't have a password, a trojan horse could do an su, and you're in trouble. If you're forced to type a password, you give explicit approval.

Finally, the only reason not to have a password is for people too lazy to type it. You should set things up so they don't have to be root in the first place, avoiding the whole problem...

IMHO and all that...

-- Martijn Koster
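
A sudoers fragment illustrating the three properties the reply above attributes to sudo (password timeout, usage logging, per-operation restriction). This is an added example, not part of the original message; it uses current sudo syntax, and the user names, alias names, log path and command paths are assumptions.

```sudoers
# Constructed example: user names, aliases and paths are hypothetical.

# The setup asked about, expressed in sudo terms: root for everyone in
# wheel with no password prompt. Shown commented out for contrast only.
# %wheel ALL = (ALL) NOPASSWD: ALL

# Cached authentication expires after 5 minutes, so a terminal left
# unattended stops granting root shortly after the user walks away.
# A value of 0 prompts for the password on every invocation, which also
# closes the window in which another program could reuse the cache.
Defaults timestamp_timeout=5

# Record every invocation: who ran it, from which tty, which command.
Defaults logfile=/var/log/sudo.log

# Limit each group of people to the operations they actually need.
User_Alias OPERATORS = alice, bob
Cmnd_Alias HALT      = /sbin/shutdown, /sbin/reboot
Cmnd_Alias PRINTING  = /usr/sbin/lpc

# No NOPASSWD tag: the user must type their own password, which is the
# explicit approval step, and nobody needs to know the root password.
OPERATORS ALL = (root) HALT, PRINTING
```

Edit the file with `visudo` so a syntax error is caught before it is installed.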