Re: Solaris, Sudo, and locking the root account

From: Blair Barrett (bbarrett@nyis.net)
Date: 09/29/01


Date: Fri, 28 Sep 2001 21:15:05 -0400
From: "Blair Barrett" <bbarrett@nyis.net>
To: focus-sun@securityfocus.com
Subject: Re: Solaris, Sudo, and locking the root account
Message-ID: <GKEGT500.D03@mta01.nyis.net>

I tried locking the root account. I could still log in from the console
in single user mode, text mode, and using CDE. It didn't make any
difference.

I normally remove the setuid bit from /bin/su and /usr/bin/su (chmod 500
allows only the owner (root) to execute su). Then edit /etc/sudoers and
set up access to /bin/su for members of the sysadmin and/or some
other group and/or specific accounts. Be careful with machines connected
to the Internet, especially if you aren't using SSH, due to passwords
being transmitted in clear text.

Cheers!
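
Added example (not part of the original message): a small shell audit for the two steps described above, checking that each su binary is exactly mode 500 and listing who a sudoers file allows to run su. The function names are hypothetical, the sudoers parsing is simplified (no aliases, line continuations or include files), and file ownership is not checked.

```sh
#!/bin/sh
# Added example: audit the su/sudo setup described in the message above.
# Usage (as root, paths from the message): audit_su /etc/sudoers /bin/su /usr/bin/su

# True when the file's mode is exactly 500 (owner r-x, no setuid/setgid bit).
su_is_locked_down() {
    [ -n "$(find "$1" -prune -type f -perm 500 2>/dev/null)" ]
}

# Print each user or %group that a sudoers rule allows to run a su binary.
# Matches /bin/su or /usr/bin/su as a whole command, not /usr/bin/sum etc.
sudoers_su_grantees() {
    awk '
        /^[ \t]*(#|Defaults|[A-Za-z]+_Alias)/ { next }   # comments, defaults, aliases
        {
            eq = index($0, "=")
            if (eq == 0) next
            cmds = substr($0, eq + 1)
            if (cmds ~ /(^|[ \t,)])\/(usr\/)?bin\/su([ \t,]|$)/) print $1
        }
    ' "$1"
}

# Report on one sudoers file plus a list of su paths; non-zero exit on any failure.
audit_su() {
    sudoers=$1; shift
    rc=0
    for f in "$@"; do
        if su_is_locked_down "$f"; then echo "OK   $f mode 500"
        else echo "FAIL $f is not mode 500"; rc=1; fi
    done
    who=$(sudoers_su_grantees "$sudoers")
    if [ -n "$who" ]; then echo "sudo grants su to:" $who
    else echo "FAIL no sudoers rule grants su"; rc=1; fi
    return $rc
}
```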


