root password


 
# 8  
Old 03-21-2002
OK, looks like my Unix administrator "forgot" to tell me that he changed the root passwd.

Thanks to everyone for your help anyway.

Looks like rebooting the server in single-user mode is a major security hole if the user can change the password without being asked for the old passwd.

Something I'm going to have to look into. Also curious about remote login and the .rhosts files.

Anyway, thanks again everyone.
# 9  
Old 03-21-2002
It is not a security hole to be able to change the root password when you have physical access to the machine and the console.

If someone wanted to change the password and had physical access to the machine, there are so many ways to do it that it would take lots of discussions to list them all.

When servers require physical security then they are placed in locked rooms with access controls.

Security is risk management centric and if your server is so critical that it needs to be protected from workers and admins, then you need a physical security policy and access control safeguards.
# 10  
Old 03-21-2002
Security hole

Your SysAdmin, if they are worth their salt, should know all of this already, but I will say it anyway.

Here are some ways to protect against rebooting to single user mode.

This is only a problem if the box is logged in as root. It is a company policy where I work to not have root logged in at the console. This prevents prying eyes.

Also, if the box is not physically secure, i.e. in a locked room, then you will always have a chance where someone can power off and power on the box to get it to single user mode that way.

The shutdown command should be only allowed for root user, so if the box is not logged in then you shouldn't have a problem with that.

This procedure of rebooting to single is not a security hole, and there is no way to prevent it except having your server in a locked room with root logged out of the console. We have a key card access to our data centers.


With regard to .rhosts, it CAN be a security hole if users have one in their home directories to allow outside users onto the box. Again, we only use .rhosts on secure hosts that are trusted inside a firewall. Also, I usually disable it (comment out the lines in the file) when it is not in use, just as a precaution.

But when used properly, .rhosts can be an asset.
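
An audit for the .rhosts risk raised in the post above, as an added example that is not part of the original thread: it walks a passwd-format file, reports each account's active trust entries, flags `+` wildcard entries and group/other-writable files, and skips commented-out lines. The users, hosts and temp-directory layout in `demo` are constructed sample data.

```shell
#!/bin/sh
# Added example: audit the .rhosts file of every account in a passwd-format file.
# Prints one finding per line: SEVERITY user path detail

audit_rhosts() {
    passwd_file=${1:-/etc/passwd}
    # passwd fields: 1 = login name, 6 = home directory
    while IFS=: read -r user _ _ _ _ home _; do
        f="$home/.rhosts"
        [ -f "$f" ] || continue
        # A file writable by group or other lets another local user add trust entries.
        mode=$(ls -ld "$f" | cut -c1-10)
        case "$mode" in
            ?????w*|????????w*) echo "WARN $user $f writable by group/other: $mode" ;;
        esac
        # Each active line is "host [remote-user]"; "+" matches any host or any user.
        while read -r host ruser _ || [ -n "$host" ]; do
            case "$host" in ''|'#'*) continue ;; esac   # blank or commented out
            if [ "$host" = "+" ] || [ "$ruser" = "+" ]; then
                echo "CRITICAL $user $f wildcard entry: $host $ruser"
            else
                echo "REVIEW $user $f trust entry: $host $ruser"
            fi
        done < "$f"
    done < "$passwd_file"
}

# Constructed sample data (hypothetical users and hosts), built in a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/alice" "$d/bob" "$d/carol"
    printf '%s\n' "alice:x:1001:1001::$d/alice:/bin/sh" \
                  "bob:x:1002:1002::$d/bob:/bin/sh" \
                  "carol:x:1003:1003::$d/carol:/bin/sh" > "$d/passwd"
    printf '%s\n' '+ +' '#oldhost.example.com alice' \
                  'trusted.example.com alice' > "$d/alice/.rhosts"
    printf '%s\n' '#trusted.example.com carol' > "$d/carol/.rhosts"
    chmod 600 "$d/alice/.rhosts"; chmod 666 "$d/carol/.rhosts"
    audit_rhosts "$d/passwd"
    rm -rf "$d"
}

demo
```

On a real host, run `audit_rhosts /etc/passwd` as root so every home directory is readable.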




