-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Marti, Robert Sent: Thursday, November 11, 2010 8:41 AM To: 'Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list' Subject: Re: [rhelv5-list] Red Hat like Ubuntu
> -----Original Message----- > From: [email protected] [mailto:rhelv5-list- > [email protected]] On Behalf Of Domenico Viggiani > Sent: Thursday, November 11, 2010 7:28 AM > To: 'Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list' > Subject: [rhelv5-list] Red Hat like Ubuntu > > Hi, > I'd like to implement on Red Hat servers a security model like Ubuntu: > - no root access > - sudo for every administrative command > > Is it simply a matter of inserting a "!" in /etc/shadow and edit sudoers? > > Thanks in advance I wonder why you think Ubuntu does that for security? sudo -i gets you a root shell, sudo /bin/bash gets you a root shell... there's lots of ways. While your plan should work, is there a reason behind it? (besides the noted fsck problem) -------- I am a big fan of Ubuntu, but this is not really a security thing. You have to understand when Ubuntu was launched it really as a project wanted to be the Power User/General User Linux. They did not want you to have to set a root password to get normal work done. The average computer user Windows or Linux/Unix does not have root or domain admin privs so they build the OS with that in mind. As a sysadmin I set the root password on or Ubuntu machines just in case I ever need it. Ubuntu has other stuff added to work around the no root password setup like "BootLoginWithFullFilesystem" even some Ubuntu docs say if you get a bad system and fsck fails you might have to boot from CD or USB and set a password for root. I say if you want to use sudo use it don't disable root though the account is there for a reason and if you don't want to log in as root that is fine, but you will need it when you need it and if you don't like rebuilding machines and booting off cdroms save yourself from yourself. Sky Road LLC Message Disclaimer This message and any attachment transmitted with it (collectively, this "Message") may contain confidential or privileged information. It is for the sole use of the intended recipient(s). Any unauthorized review, use or disclosure is prohibited. If you are not the intended recipient, please advise the sender by reply message (e.g., email, fax or telephone) and destroy all copies of this Message. The information in this Message is not intended to replace a recipient's own internal processes for evaluating a transaction. This Message should not be regarded as (i) a recommendation to buy or refrain from buying any security; (ii) an offer to sell or solicitation of an offer to buy any security; or (iii) an official confirmation of any transaction. Sky Road cannot guarantee that the transmission and content of this Message is secure or error-free. Sky Road does not represent that this Message is accurate, uncorrupted, or free of viruses or other harmful code. _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
