On Thu, Jul 10, 2008 at 01:21:20PM -0400, Brynet wrote: > The keyword here is *default*. > > Say you installed OpenBSD on a soekris, it's nice having root enabled > "temporarily". > > That way you can login at a later time, create a lesser privledged account, > edit the sudoers file.. and disable root logins in sshd_config.
Note that you can already create this account and edit sudoers while still in the installer kernel. Simply `mnt/usr/sbin/chroot /mnt` and you are in your new system where you can change basic things (such as adding users and editing config files, do not expect to be able to do more fancy stuff like firewalling (so you can edit pf.conf, you just can not load it until after rebooting), you're still in the install kernel which lacks several key features provided by the regular kernel). root logins are also quite useful when /home is on NFS and NFS is broken somehow and you need to log in to fix stuff. Myself, I keep it enabled, even if I don't have /home on NFS and already have my less-privileged user for sudo access setup. Cheers, Paul 'WEiRD' de Weerd -- >++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+ +++++++++++>-]<.>++[<------------>-]<+.--------------.[-] http://www.weirdnet.nl/