Re: [SLUG] Ubuntu/kubuntu

From: Ian C. Blenke (ian@blenke.com)
Date: Wed Aug 02 2006 - 14:53:36 EDT


Eben King wrote:

>> Does the user run as a user with root privileges, or is there a password
>> involved when needing root privileges?
>>
>> Looks like it might be bypassing the security of running as a normal
>> user, but I'm not sure if I got it right.
>
>
> I set root up as usual, su/sudo to do whatever, but others say root
> shouldn't have a password. I have yet to see how you could have root
> with no password, and at the same time avoid a security hole you could
> drive a truck through.

Mac OS X uses this same technique.

The password on the root account is just there for humans to obtain a
shell as root directly via login or ssh without ssh key trust. It really
isn't necessary to have a root password at all.

When a system boots, the init scripts are spawned as root and fork
daemons running as real users giving up their rights as root in the
process. No need for a password.

Some binaries are setuid root, and are paranoid so as to limit their
actions as root as much as possible.

Sudo is one of these binaries. It is careful to follow the configuration
in /etc/sudoers to only allow certain users to run certain commands. By
default, an "administrative user" is trusted implicitly to do whatever
they want to after authenticating themselves (thus sudo's challenge to
enter your password when you try and run a command as root).

Sudo also logs what commands were run, and by whom, for a basic (though
alterable) audit log of sorts.

If you need root at a console, you have multiple ways of obtaining it:
1. Login as a normal user and:
 - sudo to root
 - set up root key trust with a user account with a passphrase-protected
key, then ssh to localhost with the passphrase.
2. Boot any Linux kernel with "rw init=/bin/bash" and take it from there.

Another method of running things as root is to set up ssh key trust for
administrators to ssh in as root and run whatever they must. There is
much risk in this, but security is all about mitigating acceptable
risks. If you need to restrict what a user can run, there are always
shells like "rssh" (restricted shell, not the bsd remote shell).

Seriously, I rarely su anymore, and only then to parade around as a
non-root user. When we must become root on a box, we have key trust to
"become root".

We have two senior administrators in charge of changing and maintaining
root passwords, which seems rather a waste of time to me.

I've long ago forgotten our root password scheme at NKS, and really
don't care. I have never needed a root password to do my job. I've long
argued for disabling the root password altogether.

- Ian C. Blenke <ian@blenke.com> http://ian.blenke.com/
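The posture Ian describes (root password locked, root reached only through sudo or ssh key trust), as an added shell check that is not part of the original post: it reads files in /etc/shadow and sshd_config format, and the sample files below are constructed.

```shell
#!/bin/sh
# Added example, not code from the original post: a posture check for the
# "locked root password, root via sudo or key trust" model described above.
# It reads files in /etc/shadow and sshd_config format; samples are constructed.

# Classify root's password field: "empty" (no password at all, so anyone can
# log in as root), "locked" ("*" or a "!" prefix, password login impossible),
# "set" (a hash is present), or "missing" (no root entry in the file).
root_password_state() {
    line=$(awk -F: '$1 == "root" { print "found:" $2; exit }' "$1")
    case "$line" in
        '')                   echo missing ;;
        'found:')             echo empty ;;
        'found:*'|'found:!'*) echo locked ;;
        *)                    echo set ;;
    esac
}

# Effective PermitRootLogin from an sshd_config file. sshd uses the first
# uncommented occurrence; Match blocks are ignored here for brevity.
permit_root_login() {
    val=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    echo "${val:-unset}"
}

# Verdict: "ok" means root has no usable password and sshd admits root only
# with keys (or not at all), so root is reached through sudo or key trust.
# An empty root password is flagged as critical; anything else as review.
root_posture() {
    pw=$(root_password_state "$1")
    ssh=$(permit_root_login "$2")
    case "$pw:$ssh" in
        locked:prohibit-password|locked:without-password|locked:no) echo ok ;;
        empty:*) echo "critical: root has an empty password" ;;
        *) echo "review: root password is $pw, PermitRootLogin is $ssh" ;;
    esac
}

# Constructed sample inputs (not real hashes).
tmp=$(mktemp -d)
printf 'root:!:19000:0:99999:7:::\nian:$6$salt$hash:19000:0:99999:7:::\n' > "$tmp/shadow.good"
printf 'root:$6$salt$hash:19000:0:99999:7:::\n' > "$tmp/shadow.pw"
printf 'root::19000:0:99999:7:::\n' > "$tmp/shadow.empty"
printf '# PermitRootLogin yes\nPermitRootLogin prohibit-password\n' > "$tmp/sshd.good"
printf 'Port 22\n' > "$tmp/sshd.unset"

root_posture "$tmp/shadow.good" "$tmp/sshd.good"   # ok
root_posture "$tmp/shadow.pw" "$tmp/sshd.unset"    # review: root password is set, PermitRootLogin is unset
root_posture "$tmp/shadow.empty" "$tmp/sshd.good"  # critical: root has an empty password
```

Run it as root against the real /etc/shadow and /etc/ssh/sshd_config to check a live host; the sudoers side of the model is checked separately with visudo -c.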

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:33:25 EDT