Re: [Freeipa-users] Administration question: root user

2012-06-06 Thread Joe Linoff
Thank you. I really appreciate your help and for taking the time to answer so 
quickly.

I will NOT manage root through FreeIPA.

Regards,

Joe

-----Original Message-----
From: Stephen Gallagher [mailto:sgall...@redhat.com] 
Sent: Wednesday, June 06, 2012 7:15 AM
To: Joe Linoff
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Administration question: root user

On Wed, 2012-06-06 at 06:59 -0700, Joe Linoff wrote:
> Hi Folks:
> 
> I am a newbie so I apologize in advance if this is a silly set of 
> questions. I am using FreeIPA 2.1.3 on CentOS 6.2 and am very happy 
> with it but I have a couple of questions about root access. When I 
> set up my systems, I configured root manually on each of them.
> 
> Does it make sense to define the root user in FreeIPA?

No, this is unsafe. You always want to be able to log in locally as root if 
something goes wrong. We specifically exclude 'root' from being managed by SSSD 
for this reason.

> Is it desirable from a security and administration perspective?

Absolutely not. Your better bet would be to maintain SUDO rules on each of the 
systems instead.

> If it does make sense, is it as simple as adding the “root” user in 
> “ipa user-add”?

Please don't :)


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
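
The following is an added example, not part of the thread and not FreeIPA or SSSD project code: a shell check for the point in Stephen Gallagher's reply that root should stay a local account excluded from SSSD. It assumes the `filter_users` option in the `[nss]` section of sssd.conf (default `root` per sssd.conf(5)); the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit that 'root' stays a local account and is not served by SSSD.
# Paths are parameters so the checks can run against copies of the real files.

# Succeeds if the passwd file has a local 'root' entry with UID 0.
local_root_ok() {
    awk -F: '$1 == "root" && $3 == 0 { found = 1 } END { exit !found }' "${1:-/etc/passwd}"
}

# Succeeds if the [nss] section of sssd.conf keeps 'root' in filter_users.
# Assumption from sssd.conf(5): the default for filter_users is "root", so an
# absent option passes; an explicit list that omits root fails.
sssd_filters_root() {
    awk '
        /^[ \t]*\[/ { in_nss = ($0 ~ /^[ \t]*\[nss\][ \t]*$/); next }
        in_nss && /^[ \t]*filter_users[ \t]*=/ {
            seen = 1
            sub(/^[^=]*=/, "")
            n = split($0, users, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", users[i])
                if (users[i] == "root") ok = 1
            }
        }
        END { exit (seen && !ok) }
    ' "${1:-/etc/sssd/sssd.conf}"
}

# Constructed sample files (not from the thread) showing a pass and a failure.
demo() {
    d=$(mktemp -d) || return 1
    printf 'root:x:0:0:root:/root:/bin/bash\njoe:x:1000:1000::/home/joe:/bin/bash\n' > "$d/passwd"
    printf '[sssd]\nservices = nss, pam\n[nss]\nfilter_users = root, named\n' > "$d/good.conf"
    printf '[nss]\nfilter_users = named\n' > "$d/bad.conf"
    local_root_ok "$d/passwd" && echo "passwd: local root present"
    sssd_filters_root "$d/good.conf" && echo "good.conf: root filtered from SSSD"
    sssd_filters_root "$d/bad.conf" || echo "bad.conf: root not filtered, fix filter_users"
    rm -rf "$d"
}

demo
```

Called without arguments, both functions read the live `/etc/passwd` and `/etc/sssd/sssd.conf`; reading the latter normally requires root.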

Re: [Freeipa-users] Administration question: root user

2012-06-06 Thread Stephen Gallagher
On Wed, 2012-06-06 at 06:59 -0700, Joe Linoff wrote:
> Hi Folks:
> 
> I am a newbie so I apologize in advance if this is a silly set of
> questions. I am using FreeIPA 2.1.3 on CentOS 6.2 and am very happy
> with it but I have a couple of questions about root access. When I
> set up my systems, I configured root manually on each of them.
> 
> Does it make sense to define the root user in FreeIPA?

No, this is unsafe. You always want to be able to log in locally as root
if something goes wrong. We specifically exclude 'root' from being
managed by SSSD for this reason.

> Is it desirable from a security and administration perspective?

Absolutely not. Your better bet would be to maintain SUDO rules on each
of the systems instead.

> If it does make sense, is it as simple as adding the “root” user in
> “ipa user-add”?

Please don't :)




[Freeipa-users] Administration question: root user

2012-06-06 Thread Joe Linoff
Hi Folks:

I am a newbie so I apologize in advance if this is a silly set of
questions. I am using FreeIPA 2.1.3 on CentOS 6.2 and am very happy with
it but I have a couple of questions about root access. When I set up my
systems, I configured root manually on each of them.

Does it make sense to define the root user in FreeIPA?

Is it desirable from a security and administration perspective?

If it does make sense, is it as simple as adding the "root" user in "ipa
user-add"?

Thank you,

Joe
