[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: user created at install added in sudoers ?



On 6/20/07, Dan Young <dyoung mesd k12 or us> wrote:
On 6/19/07, n0dalus <n0dalus+redhat gmail com> wrote:
> In what way would it benefit a majority of users? I could be wrong,
> but I suspect the majority of Fedora installations only have one
> administrator, in which case, sudo actually ends up making things
> _less_ secure (it provides another account by which root access can be
> cracked).

In a "1st user gets sudo" scenario, I'd lock the root account. It
wouldn't be _another_ account to crack, it would be a different
account.


If that's what you want, can I suggest you propose that as a firstboot
option instead then? Currently the proposal seemed to be just "1st
user gets sudo", and root is still available.

The approach I personally use is to keep the root account enabled,
disable root from logging in with ssh/gdm/kdm/xdm, and then use su -
from my user account.

The options proposed so far are:
1) Provide no option on install/firstboot. Keep the system as is, with
nobody in sudoers and users use su - or login as root directly to get
root access.
2) Provide the option to put the firstboot created user in sudoers,
users use sudo, su - or direct root login to get root access. As I've
pointed out earlier, this is not really that helpful.
3) Provide the option to put the firstboot created user in sudoers and
disable the root login, users use sudo to get root access. This is the
method used in Some Other (TM) distros.

To throw a couple of other options into the mix:
4) Provide no option on install/firstboot, but disable root logins in
ssh_config/etc by default (after firstboot has been run, so don't do
this on an upgrade), users use su - to get root access.
5) Provide an option in firstboot to disable root logins in
ssh_config/etc and users can use su - to get root access.

Are there other possible options?

For 4 and 5, would we want gdm/kdm/xdm root logins disabled? How about
vt root logins? The reason for blocking ssh root access is fairly
straightforward; it's the only practical method for cracking the root
account. Blocking gdm/kdm/xdm is just to discourage users from logging
into their desktops as root, which we should be doing anyway. You'd
block vt root logins too if you wanted to completely ensure root can
only be reached by su -.

I'd personally vote for 1, but would also be happy with 4 or 5.

n0dalus.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]