On Jul 30, 2010, at 1:33 PM, Kyle McDonald wrote:

> I actually like root as a role, but it strikes me that by forcing all
> machines to have a single local user with a pw that everyone knows,
> you've totally re-opened the hole that this was supposed to close.
> Anyone can log in as that local user, and assume the root role anonymously.
It's essentially a "security through obscurity" measure. There's still an account with effective access to root privileges, but it's not *called* root, so it's slightly harder to target. Sort of like renaming the "Administrator" account on Windows.

On the other hand, there are some accountability advantages if you enforce the use of a tool that does logging, like "sudo". If everyone has their own account and they have to use "sudo" to exercise rootly powers, then you have a useful record of who did what. If someone just logs in as root you really don't know which of the people who had the root password did it. The tradeoff is each account with sudo privileges becomes a potential attack surface, so you need to make sure your admins are picking good passwords.

-- 
David Brodbeck
System Administrator, Linguistics
University of Washington

_______________________________________________
opensolaris-discuss mailing list
[email protected]
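The "useful record of who did what" that sudo gives you is only useful if someone actually reads it. Below is an added example, not code from the list thread or from the sudo project, that parses sudo's default syslog line format into per-user audit records, separating commands that ran from attempts sudo refused. The log lines are constructed for the example; the host name `sol10` and the user names are placeholders, and the line layout assumed is the stock `user : TTY=... ; PWD=... ; USER=... ; COMMAND=...` format that sudo writes via syslog (failures prefix a free-text reason such as `user NOT in sudoers`).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample of a syslog file on a host where admins use sudo.
# The sshd line is there to show that unrelated records are skipped.
SAMPLE_LOG = """\
Jul 30 13:40:01 sol10 sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/useradd bob
Jul 30 13:41:15 sol10 sudo:    kyle : TTY=pts/1 ; PWD=/export/home/kyle ; USER=root ; COMMAND=/usr/bin/vi /etc/passwd
Jul 30 13:42:30 sol10 sudo:     bob : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jul 30 13:43:02 sol10 sshd[1234]: Accepted password for alice from 10.0.0.5 port 52234 ssh2
Jul 30 13:44:09 sol10 sudo:   alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/svcadm disable ssh
"""

# Default sudo syslog record: "<timestamp> <host> sudo: <user> : <field> ; <field> ; ..."
# sudo right-pads the user name with spaces, hence the \s+ before it.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sudo:\s+"
    r"(?P<user>\S+) : (?P<fields>.*)$"
)


@dataclass
class SudoEvent:
    timestamp: str
    host: str
    invoking_user: str          # the real, named admin account
    target_user: Optional[str]  # whose privileges were requested (USER=...)
    command: Optional[str]      # what was run or attempted (COMMAND=...)
    denied: bool                # True if sudo refused the request
    reason: Optional[str]       # free-text reason sudo logged for a refusal


def parse_sudo_line(line: str) -> Optional[SudoEvent]:
    """Return a SudoEvent for a sudo syslog line, or None for any other line."""
    m = SUDO_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    kv: Dict[str, str] = {}
    reasons: List[str] = []
    # Fields are separated by " ; ". KEY=VALUE fields are data; anything
    # without "=" is a refusal message (e.g. "user NOT in sudoers").
    for field in m.group("fields").split(" ; "):
        key, sep, value = field.partition("=")
        if sep:
            kv[key] = value
        else:
            reasons.append(field)
    return SudoEvent(
        timestamp=m.group("ts"),
        host=m.group("host"),
        invoking_user=m.group("user"),
        target_user=kv.get("USER"),
        command=kv.get("COMMAND"),
        denied=bool(reasons),
        reason="; ".join(reasons) if reasons else None,
    )


def audit_trail(log_text: str) -> List[SudoEvent]:
    """All sudo events in a log, in file order, ignoring non-sudo lines."""
    return [ev for ev in map(parse_sudo_line, log_text.splitlines()) if ev is not None]


def who_did_what(log_text: str) -> Dict[str, List[str]]:
    """Map each named admin to the commands sudo actually ran for them."""
    out: Dict[str, List[str]] = {}
    for ev in audit_trail(log_text):
        if not ev.denied:
            out.setdefault(ev.invoking_user, []).append(f"{ev.target_user}: {ev.command}")
    return out


def denied_attempts(log_text: str) -> List[Tuple[str, str, str]]:
    """(user, reason, command) for every request sudo refused; worth alerting on."""
    return [(ev.invoking_user, ev.reason or "", ev.command or "")
            for ev in audit_trail(log_text) if ev.denied]


if __name__ == "__main__":
    for user, cmds in who_did_what(SAMPLE_LOG).items():
        for cmd in cmds:
            print(f"{user} ran as {cmd}")
    for user, reason, cmd in denied_attempts(SAMPLE_LOG):
        print(f"DENIED {user}: {reason} ({cmd})")
```

A direct root login would produce nothing comparable: every record here carries the invoking user's own name, which is exactly the attribution the post says you lose when several people share one root password.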
