Re: recover root password

Tue, 15 Apr 2008 14:56:22 -0700 

McKown, John wrote:

-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On
Behalf Of John Summerfield
Sent: Monday, April 14, 2008 5:34 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: recover root password


[snip]


Red Hat expects administrators to know and use root's password. That's
what su does.

SUSE expects administrators to know and use root's password. It
configures sudo to work that way.


Strange. On my OpenSUSE at home, it asks for my password, not root's
password.

Then you must have changed it, as I did. This is from the distributed
configuration on 10.3:
Defaults targetpw   # ask for the password of the target user i.e. root

I verified it:
05:45 [EMAIL PROTECTED] tmp]$ rpm2cpio
</mnt/iso/suse/i586/sudo-1.6.9p2-23.i586.rpm | cpio --extract -d
882 blocks
05:46 [EMAIL PROTECTED] tmp]$ find etc/
etc/
etc/pam.d
etc/pam.d/sudo
etc/sudoers




Until the vendors change their approach, administrators are
going to be
working that way.


That can be fixed by the administrator using visudo to change


It can be, but most people will assume the vendor has it right until
they learn otherwise.

Did _you_ go through every bit of your opensuse configuration to ensure
it's sane, according to your own beliefs?



/etc/sudoers. Granted, another customization that the vendor should do.
Perhaps. But you know how much people will scream "why did that
CHANGE!!!!" if the vendor does it.


Ubuntu used sudo from the beginning. I don't recall any controversy over
 it. I imagine that when RH/SUSE does it, they will document it in the
release notes and other documentation, and when people challenge it,
point them at the documentation.





The only Linux distribution that expects administrators to
use their own
password is Ubuntu, and while it's based off Debian that is available
for IBM mainframes, Ubuntu isn't yet.

One can also login as root without password if ssh is so configured.


Hopefully you mean with a cert instead of a password.


I don't know of anyone who's implemented ssh to allow login without
_some_ credentials.


--

Cheers
John

-- spambait
[EMAIL PROTECTED]  [EMAIL PROTECTED]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390























					Reply via email to