On Wed, February 4, 2015 10:18 am, Keith Keller wrote:
On 2015-02-04, James B. Byrne byrnejb@harte-lyne.ca wrote:
One might question why *nix distributions insist on providing a known point of attack to begin with. Why does user 0 have to be called root? Why not beatlebailey, cinnamon or pasdecharge?
That is more or less what OS X does. User 0 still exists, and it's labelled as "root", but there is no way (unless the owner goes way out of his way) to actually log in as root. The first account created is given full sudo access, and can choose to grant sudo to subsequently created users.
Which I consider almost as "security through obscurity" (I said "almost"!)
I'm neutral on sudo (even though I was taught "the smaller number of SUID/SGID files you have, the better"). Yet I consider it less safe for a regular user, who can log in through the GUI and is likely to be doing regular user stuff, to have almighty abilities. Yes, I know, I know, he has to prepend "sudo"... OK, this seems to be a kind of question of taste in the majority opinion.
(Users with sudo can still get a root shell, but that's not the same as logging in as root.)
I thought Ubuntu did this as well, but I haven't installed Ubuntu for quite a while. Anyone know?
Yes, Debian and its clones have a full-fledged root account, only with an empty password hash (thus making it an account for which no password will match). You can enable it by grabbing a root shell using sudo, then using the command passwd to set a password. Voilà.
And they are more or less neutral; they do not insist that having a disabled root account adds to the security of the machine (which it doesn't), as far as I recollect from reading their docs.
Valeri
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++