[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: edit root alias when installing the OS



On 1/8/06, Callum Lerwick <seg haxxed com> wrote:
> On Thu, 2006-01-05 at 19:15 -0800, Michael A. Peters wrote:
> > I can't speak for Ubuntu - but OS X has a root account.
> >
> > sudo su -
> >
> > and you are root.
>
> Well any unix is not likely to get rid of root entirely, but you can
> eliminate the password on the account and discourage its direct use.

Why should we cripple people's ability to administrate their systems
by taking away the root password? If I had to prepend all my commands
with 'sudo' and half of my paths with '/sbin' I'd quickly get
frustrated and give root a password. You can discourage the direct use
of root by not letting root login at gdm until they press a key-combo,
or warning if they open a web browser or something -- but removing the
concept of root is not discouraging it, it's just dumbing UNIX down. I
think people can handle the concept of a single superuser -- it's one
of the biggest security advantages of UNIX over some other popular
operating systems where almost every user is an admin.

>
> > It weakens OS X because by default, every admin password is essentially
> > a root password.
>
> I'm not seeing a convincing argument as to why this is any worse than
> every admin knowing the root password.

The issue is that:
Just because admins know the root password doesn't mean any malware
that manages to sneak on does too. Putting all the users in sudoers
means that malware only needs to get a user password for root access,
which is usually much easier than obtaining the root password.
If there are admins that you can't trust 100% with the root password,
you shouldn't be giving them sudo access either (unless you really
tighten down sudoers and deny-by-default, which probably won't come as
a default configuration).

>
> > In the early days it was *really* bad - as one could from a local
> > account do nidump passwd . and then run it through jtr to crack weak
> > admin passwords (and thus root the box). At least now they finally have
> > some sort of shadow implemented to prevent that.
>
> I don't see how weak passwords are sudo's fault.
>

Weak passwords are not sudo's fault, but statistically the more users
in sudoers the easier it becomes to get root access. It doesn't matter
how strong the passwords are.

I think the current system is fine as it is -- I don't see why some
people are so keen on removing the root password. If you are on a
multi-admin system, then a well configured sudo is great, but root
should still have a password. Putting users by default into an
allow-everything sudoers is weakening one of UNIX's most effective
layers of security.

n0dalus.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]