On Thu, Jul 10, 2008 at 01:21:20PM -0400, Brynet wrote:
> The keyword here is *default*.
>
> Say you installed OpenBSD on a soekris, it's nice having root enabled
> "temporarily".
>
> That way you can login at a later time, create a lesser privledged account,
> edit the sudoers file.. and disable root logins in sshd_config.
Note that you can already create this account and edit sudoers while
still in the installer kernel. Simply `mnt/usr/sbin/chroot /mnt` and
you are in your new system where you can change basic things (such as
adding users and editing config files, do not expect to be able to do
more fancy stuff like firewalling (so you can edit pf.conf, you just
can not load it until after rebooting), you're still in the install
kernel which lacks several key features provided by the regular
kernel).
root logins are also quite useful when /home is on NFS and NFS is
broken somehow and you need to log in to fix stuff. Myself, I keep it
enabled, even if I don't have /home on NFS and already have my
less-privileged user for sudo access setup.
Cheers,
Paul 'WEiRD' de Weerd
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
