On Wednesday 18 June 2003 10:37, brett holcomb wrote:
> Well, yes he can if he wants - he can do anything he
> wants, even use root as a user account! My answer was
> from the viewpoint of Gentoo's default. It may not be
> gospel but I assume there is a good reason for doing it
> that way and before I change it I'd do some checking to
> see what the ramifications are.

Okay, please allow me to make something clear on the logic of the wheel group. _If_ your root password is, god forbid, leaked (and you have root login from a console or SSH disabled as you should), then it would be impossible for a normal user to get to the root account unless they were already in the wheel group.

Now, if you go around giving everybody wheel, then you're defeating the purpose of the group. You should really only have one wheel member, and that's your normal user account. I have sysadmin friends who have a new user account (with a random username) that is in the wheel group created weekly just for paranoia reasons.

Oh, and another thing, NEVER use the same password for your root account as you do for the account(s) that are in wheel. That way, if someone knows both your wheel account and root password but not the wheel account's password, you're still okay.

I hope this helps

--
Zack Gilburd
http://tehunlose.com
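The setup this message describes (su gated by wheel, one non-root wheel member, root login over SSH disabled) can be checked mechanically; the following shell audit is an added example, not part of the original message. It assumes su is gated by a `pam_wheel.so` line in the PAM su file and that sshd's `PermitRootLogin` governs root logins; the function names and sample files are constructed for illustration, and console root login is not checked.

```shell
#!/bin/sh
# Added example: audit the wheel/su setup on copies of the relevant files.

# Print every account in wheel: listed members plus accounts whose primary
# GID is wheel's GID. $1 = group file, $2 = passwd file.
wheel_members() {
    gid=$(awk -F: '$1 == "wheel" { print $3 }' "$1")
    {
        awk -F: '$1 == "wheel" { n = split($4, m, ",")
                 for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$1"
        awk -F: -v gid="$gid" 'gid != "" && $4 == gid { print $1 }' "$2"
    } | sort -u
}

# True if an active (uncommented) pam_wheel line gates su. $1 = PAM su file.
# Assumption: the simple "required"/"requisite" control form is used.
su_requires_wheel() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+(required|requisite)[[:space:]]+pam_wheel\.so' "$1"
}

# True if sshd refuses root logins. sshd keeps the first value it reads for a
# keyword; an absent keyword is treated as "not disabled". $1 = sshd_config.
ssh_root_login_disabled() {
    val=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    [ "$val" = "no" ]
}

# Run all checks, print one line per finding, return the number of findings.
audit_wheel() {  # $1 group, $2 passwd, $3 PAM su file, $4 sshd_config
    findings=0
    n=$(wheel_members "$1" "$2" | awk '$0 != "root" { c++ } END { print c + 0 }')
    if [ "$n" -gt 1 ]; then
        echo "wheel has $n non-root members; the message recommends one"
        findings=$((findings + 1))
    fi
    su_requires_wheel "$3" || { echo "su is not restricted to wheel"; findings=$((findings + 1)); }
    ssh_root_login_disabled "$4" || { echo "sshd does not set PermitRootLogin no"; findings=$((findings + 1)); }
    return "$findings"
}

# Constructed sample files (not from a real host).
d=$(mktemp -d)
printf 'root:x:0:root\nwheel:x:10:root,alice,bob\n' > "$d/group"
printf 'root:x:0:0::/root:/bin/sh\nalice:x:1000:100::/home/alice:/bin/sh\n' > "$d/passwd"
printf '#auth required pam_wheel.so use_uid\n' > "$d/su"
printf '#PermitRootLogin yes\nPermitRootLogin no\n' > "$d/sshd_config"
audit_wheel "$d/group" "$d/passwd" "$d/su" "$d/sshd_config" || echo "findings: $?"
rm -rf "$d"
```

On a live system the four arguments would be `/etc/group`, `/etc/passwd`, `/etc/pam.d/su` and `/etc/ssh/sshd_config`; `Match` blocks in `sshd_config` are not evaluated by this check.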