root in FC 10

Gene Heskett gene.heskett at verizon.net
Sat Dec 6 07:52:39 UTC 2008


On Saturday 06 December 2008, Fred Silsbee wrote:
>--- On Sat, 12/6/08, Todd Zullinger <tmz at pobox.com> wrote:
>> From: Todd Zullinger <tmz at pobox.com>
>> Subject: Re: root in FC 10
>> To: fedora-list at redhat.com
>> Date: Saturday, December 6, 2008, 12:04 AM
>>
>> Gene Heskett wrote:
>> >>Disabling root login is a common security practice.
>>
>> Sounds like it's
>>
>> >>been disabled by default in F10. That's got to
>>
>> be a good thing.
>>
>> > Apparently so, but then the install doesn't add
>>
>> the one user it asks
>>
>> > you to define to the sudoers file, and to fix that
>>
>> requires a reboot
>>
>> > to single mode.
>>
>> No it doesn't.  You run "su -c visudo" and
>> add the user you want.

And I'll repeat myself one more time here folks, it asked for the root passwd 
when I tried that, but no root passwd had been set during the install.  The 
only user defined had a passwd ok, but the error message when I was that 
user, and used that users passwd was "not in sudoers file, permission 
denied". 

I tried to use as few multiple syllable words as I could, so I hope I have 
made myself clear as there seems to be a general and widespread air of 
disbelief here.

That was not the command I issued that spit that back at me, but I don't think 
the command is germain to this discussion.  In fact it was my attempt to vim 
ifcfg-eth0 to fix the networking that wasn't that brought this to my 
attention.  I couldn't save the changes as the only user, and sudo denied the 
only user because there weas no entry in the sudoers file for that user.  
Ergo there was no way I could effect the required config changes without 
rebooting to single mode.

Maybe there is a better, more "politicaly correct" way to do it, but a reboot 
to single mode has been my preferred choice since I installed RedHat 5.0 a 
decade plus back up the log.  I *know* that works.

Now, is that clear enough to convince "Houston" that we have a problem?

>> --
>> Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL:
>> www.pobox.com/~tmz/pgp
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> The best advice I can give is to ignore advice. Life is too
>> short to
>> be distracted by the opinions of others.
>>     -- Russell Edson
>>
>> --
>> fedora-list mailing list
>> fedora-list at redhat.com
>> To unsubscribe:
>> https://www.redhat.com/mailman/listinfo/fedora-list
>> Guidelines:
>> http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>
>disabling root access is what the root password is for
>
>I've been logging into root for 11.5 tears on Linux alone without problems
>
>It is dumb to make it impossible for everybody.
>
>I understand this disablement can be removed by doing something in pam.d or
> whatever it is.



-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Taxes, n.:
	Of life's two certainties, the only one for which you can get
	an extension.




More information about the fedora-list mailing list