james hughes wrote:
>
> On May 13, 2008, at 4:50 PM, Bart Smaalders wrote:
>
>>
>> How do I log into and configure a blank system image? Is a default
>> account created that has this privilege, or does the lack of such
>> an account mean that the system must be repaired by booting
>> from alternate media?
>
>
> Losing or breaking the administrator's account is identical to
> losing root password.
>
>> How will we ensure that there are real administrative users present
>> in the password file?
>
>
> The real administrative users are present in the password file because
> the initial installation put them there.
>
> This is not about the elimination of root as much as it is the
> ability to create a machine that has no root password. Previous
> methods of having root have a password are still possible.

Are you not creating a root account or are you creating a root account but not using the root username?

If you're creating a system administration account, but simply under another name, then there is no security benefit from this change - except that someone now has to "guess" the administration account name if they don't know it already...

...and this is where Windows is at today: it's come from having "administrator" as the default "root" account to creating a user account at install (using your name) that has full privilege, meaning malware likely has the required privilege it needs when opened via Outlook, even though the user who is logged in is not called "administrator", they still have "administrator" power.

Net result: you have to guess an account name to try and log in to the system with before going further.

If there is no follow-up to this case to make the prescribed changes to root then I'd like the following questions to be answered as part of this case (if it hasn't been derailed yet):

What are the security threats that this change is intended to provide protection from?

How does this change mitigate the security threats that it is intending to provide protection from?

What are the security risks that this change introduces?

Darren
