RE: Solaris, Sudo, and locking the root account

From: Geoff Collis (
Date: 09/28/01

Message-ID: <>
From: Geoff Collis <>
To: "'Gordon Ewasiuk'" <>,
Subject: RE: Solaris, Sudo, and locking the root account
Date: Fri, 28 Sep 2001 11:53:41 -0700


I normally do not lock the root account, but I do restrict who knows the
password, and by convention everyone uses "sudo -s" to gain root access.
Yours is an interesting question, lets see what others say.

FWIW: depending on how brave you are, you can *avoid* the fsck by changing
its options. Usually you have no choice than to run "-y" anyway! :-)

I usually change the /sbin/rcS file as follows:
# diff rcS /sbin/rcS
< #
< # Modified to do "fsck -y" of file systems (local hack)
< ufs) foptions="-y"

>                       ufs)    foptions="-o p"

Then you never get asked, either it works or its time to reinstall! :-)

- Geoff -----Original Message----- From: Gordon Ewasiuk [] Sent: Thursday, September 27, 2001 10:27 AM To: Subject: Solaris, Sudo, and locking the root account

Hi All,

What is the general feeling towards locking the root account on Solaris when using sudo? We use sudo on Solaris everwhere and lock the root account. This forces all users to sudo -s for a root shell - BUT - after an abnormal shutdown, if a filesystem comes up dirty, it might need a manual fsck pass. This, of course, requires the root password to enter maint. mode.

I've got no problems booting from a CD, mounting the root FS, and unlocking/NP the root acct but a veteran sysadmin kinda looked at me funny when I explained it to him.

Is this a standard practice or making more trouble then it's worth?



-------------------------------------------------- Gordon Ewasiuk, Certifed Sun Fanatic, Winstar VHC The REAL office number is here-----> 703.893.4901 Tired of BSODs, My Computer, and Code Red? -------------------------------------------------