Peter Glassenbury (CSSE) wrote:
> Sorry not even at a university lab... If someone wants to brute force
> our root account, they obviously have not enough work to do.
> Our logging should find the attempts...
> Like Volker, I have yet to be convinced of the point of typing
> "sudo " in front of all the commands I want to run as root.
> When it becomes reflex, you are going to make the same mistakes
> as if you login as root.

True, because the attack would have to be carried out manually, so you could just pull out the crow bar and stand outside the lab when it happens, not to mention that it would take forever to reach, say, 100 attempts, which would hardly make a dent (so to speak).

There are pros and cons of either choice. For me, it's pointless to have a root password, because I can never remember what it is, and I usually only want to execute one command as root at a time, anyway. But that's just my preference.

I can imagine that Pete boots the lab machines into single-user mode, for which he needs the root password, to diagnose problems. Even if that was disabled, there could still only be one password for admins: the BIOS password (for booting from a CD, for example).

By the way, it's only five extra keystrokes to prefix a command with "sudo ".

--Aidan
