[CentOS] Getting ready for CentOS 5.4
Les Mikesell
lesmikesell at gmail.com
Mon Mar 30 13:50:56 UTC 2009
Michael A. Peters wrote:
>> Errr, why is it easier to get an admin user's name and password than the
>> root password?
>
> Because typically you only allow root login via console or an existing
> login.

I don't see how that relates to the question.

> You can brute force a user password (or sniff if the admin is lazy in
> how they connect - IE not using proper pass phrase, MITM attacks -
> possible with the SSH bug that Debian/Ubuntu had) etc. but normally the
> root account is disabled from remote login so it can't be remotely brute
> forced or sniffed.

Normally? As in a default install?

> What you normally do is give sudo access to the commands (or wrappers to
> the commands) that a particular sysadmin might need to use but you don't
> give them full root access, thereby limiting the damage that can be done
> should their password be compromised.

Who is 'them'? And if you haven't shared the root password, what
happens when you get hit by a bus?

--
Les Mikesell
lesmikesell at gmail.com