Harry Putnam wrote:
Scott Rotondo <[email protected]> writes:
But some posters here have said in build 124 root has been removed as
an account...or reduced to a role or something like that, so depending
on what you mean by `setting root as a regular account', I'm not
sure what's going on.
I believe the root account has been a role since the first OpenSolaris
binary release; this is not a recent change.
It may have... but it was still possible to have root as an account
and to ssh to root if you set it up in /etc/sshd_config... I've been
doing it since 2008.11 b101
It's only between 118 and 124 that things got more complicated... bringing
PAM in as enforcer I guess. But that too can be circumvented.
I thought that it has been enforced since the root account was converted
to a role. As I mentioned in a different thread, you can configure PAM
to not enforce this for ssh (or other services). Others have mentioned
that you can convert root back to a user account in /etc/user_attr.
There are as many ways to skin this cat as you have imagination for.
But just to be a broken record, the recommended approach is to log in as
a mere mortal and pfexec(1)/su(1m) to elevate privilege. Preferably you
only elevate the privileges you need to, when you need to.
I just don't get why devs are so hell-bent on crippling root account.
It's been around many, many yrs.
The goal seems to be to decompose the privileges so that you can create
systems where no one user is almighty and if they are, it's more
controlled. Otherwise "Quis custodiet ipsos custodes?"
-Norm
_______________________________________________
opensolaris-discuss mailing list
[email protected]
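The thread refers to root being a role in /etc/user_attr and to logging in as an ordinary user before elevating. The following is an added example, not part of the original thread or of OpenSolaris itself: a small audit of a user_attr(4)-style file that reports whether root is a role and which accounts are allowed to assume it. The sample entries are constructed, and the code assumes one entry per line in the `user:qualifier:res1:res2:attr` layout, with `type` defaulting to `normal` when absent.

```python
# Added example: audit a user_attr(4)-style file for the root role.
# Assumed line format: user:qualifier:res1:res2:attr
# where attr is a ';'-separated list of key=value pairs.

SAMPLE_USER_ATTR = """\
# constructed sample, not taken from a real system
root::::type=role;auths=solaris.*,solaris.grant;profiles=All
alice::::type=normal;roles=root;profiles=Primary Administrator
bob::::profiles=Basic Solaris User
"""


def parse_user_attr(text):
    """Return {user: {key: value}} for every well-formed, non-comment entry."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)
        if len(fields) != 5:
            continue  # malformed entry: skip rather than guess
        attrs = {}
        for pair in fields[4].split(";"):
            if "=" in pair:
                key, value = pair.split("=", 1)
                attrs[key.strip()] = value.strip()
        entries.setdefault(fields[0], {}).update(attrs)
    return entries


def audit_root(text):
    """Report root's account type and who may assume root as a role."""
    entries = parse_user_attr(text)
    root_is_role = entries.get("root", {}).get("type", "normal") == "role"
    may_assume = sorted(
        user for user, attrs in entries.items()
        if "root" in [r.strip() for r in attrs.get("roles", "").split(",")]
    )
    findings = []
    if not root_is_role:
        findings.append("root is a normal account: direct login is possible")
    elif not may_assume:
        findings.append("root is a role but no user has roles=root")
    return {"root_is_role": root_is_role,
            "may_assume_root": may_assume,
            "findings": findings}


if __name__ == "__main__":
    print(audit_root(SAMPLE_USER_ATTR))
```
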