Solaris, Sudo, and locking the root account

From: Gordon Ewasiuk (gewasiuk@gnmc.net)
Date: 09/27/01


Date: Thu, 27 Sep 2001 13:26:46 -0400 (EDT)
From: Gordon Ewasiuk <gewasiuk@gnmc.net>
To: <focus-sun@securityfocus.com>
Subject: Solaris, Sudo, and locking the root account
Message-ID: <Pine.GSO.4.33.0109271319200.6777-100000@enterprise.gnmc.net>

Hi All,

What is the general feeling towards locking the root account on Solaris
when using sudo? We use sudo on Solaris everwhere and lock the root
account. This forces all users to sudo -s for a root shell - BUT - after
an abnormal shutdown, if a filesystem comes up dirty, it might need a
manual fsck pass. This, of course, requires the root password to enter
maint. mode.

I've got no problems booting from a CD, mounting the root FS, and
unlocking/NP the root acct but a veteran sysadmin kinda looked at me funny
when I explained it to him.

Is this a standard practice or making more trouble then it's worth?

TIA,

-Gordon

--------------------------------------------------
Gordon Ewasiuk, Certifed Sun Fanatic, Winstar VHC
The REAL office number is here-----> 703.893.4901
Tired of BSODs, My Computer, and Code Red?
http://www.sun.com/solaris/binaries/
-------------------------------------------------