On 2014-04-11, Jaroslav Reznik <jrez...@redhat.com> wrote: >= Proposed System Wide Change: The securetty file is empty by default = > https://fedoraproject.org/wiki/Changes/securetty_file_is_empty_by_default > [...] > Disabling root access via any console device (tty). > This is silly. If a system has been broken very badly, then one goes to the machine and fix if from the local TTY.
With local access, there is no way how to prevent from rooting the machine. (Let's forget on TPM-guarded or on-line-audited systems now.) So preventing from logging as root on Linux virtual terminal is pointless. Hiding a root access behind two passwords does not bring any better security than using one strong root password. You are making simple things over-complicated. -- Petr -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
