[CentOS] Getting ready for CentOS 5.4

Les Mikesell lesmikesell at gmail.com
Mon Mar 30 13:50:56 UTC 2009


Michael A. Peters wrote:

>> Errr, why is it easier to get an admin user's name and password than the 
>> root password?
> 
> Because typically you only allow root login via console or an existing 
> login.

I don't see how that relates to the question.

> You can brute force a user password (or sniff if the admin is lazy in 
> how they connect - i.e. not using proper pass phrase, MITM attacks - 
> possible with the SSH bug that Debian/Ubuntu had) etc. but normally the 
> root account is disabled from remote login so it can't be remotely brute 
> forced or sniffed.

Normally?  As in a default install?

> What you normally do is give sudo access to the commands (or wrappers to 
> the commands) that a particular sysadmin might need to use but you don't 
> give them full root access, thereby limiting the damage that can be done 
> should their password be compromised.

Who is 'them'?   And if you haven't shared the root password, what 
happens when you get hit by a bus?

-- 
   Les Mikesell
    lesmikesell at gmail.com
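
An added example, not part of the original message or of any CentOS tooling: the two settings argued over in this thread (whether root can log in remotely, and whether a sudo user is limited to specific commands) can be read from the configuration instead of assumed. The sample file contents, the `backup` user and its command paths are constructed; the `default` argument is an assumption, since sshd's built-in value depends on the OpenSSH version.

```python
import re

# Constructed sample files, not taken from the thread.
SSHD_CONFIG = """\
Port 22
#PermitRootLogin yes
PermitRootLogin no
PermitRootLogin yes
"""
SUDOERS = """\
Defaults env_reset
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) /usr/local/sbin/run-backup, /sbin/service httpd restart
"""

def effective_root_login(text, default):
    """First uncommented PermitRootLogin wins, as sshd reads it; `default`
    applies when the keyword is absent. Match blocks are not evaluated."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0].lower() == "match":
            break
        if len(parts) > 1 and parts[0].lower() == "permitrootlogin":
            return parts[1].lower()
    return default

def sudo_grants(text):
    """Map each user or %group to "full" (may run ALL) or to its command list.
    Simplified: aliases, includes and line continuations are not resolved."""
    grants = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line:
            continue
        m = re.match(r"(\S+)\s+\S+?\s*=\s*(?:\([^)]*\))?\s*(.+)", line)
        if not m:
            continue
        # Drop tags such as NOPASSWD: so only the command itself is compared.
        cmds = [re.sub(r"^(?:[A-Z]+:\s*)+", "", c.strip()) for c in m.group(2).split(",")]
        if "ALL" in cmds or grants.get(m.group(1)) == "full":
            grants[m.group(1)] = "full"
        else:
            grants.setdefault(m.group(1), []).extend(cmds)
    return grants

if __name__ == "__main__":
    # default="yes" is an assumption; check the installed OpenSSH version.
    print("PermitRootLogin:", effective_root_login(SSHD_CONFIG, default="yes"))
    for who, what in sudo_grants(SUDOERS).items():
        print(who, "->", what)
```

Any account reported as `full` is equivalent to root once its password is known, so the damage-limiting argument in the quoted text only applies to entries that come back as an explicit command list.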



