#8
OK, looks like my Unix administrator "forgot" to tell me that he changed the root passwd.
Thanks to everyone for your help anyway. Looks like rebooting the server in single-user mode is a major security hole if the user can change the password without being asked for the old passwd. Something I'm going to have to look into. Also curious about remote login and the .rhost files. Anyway, thanks again everyone.
#9
It is not a security hole to be able to change the root password when you have physical access to the machine and the console.
If someone wanted to change the password and had physical access to the machine, there are so many ways to do it that it would take lots of discussions to list them all. When servers require physical security, they are placed in locked rooms with access controls. Security is risk management centric and if your server is so critical that it needs to be protected from workers and admins, then you need a physical security policy and access control safeguards.
#10
Security hole
Your SysAdmin, if they are worth their salt, should know all of this already, but I will say it anyway.
Here are some ways to protect against rebooting to single user mode. This is only a problem if the box is logged in as root. It is a company policy where I work to not have root logged in at the console. This prevents prying eyes. Also, if the box is not physically secure, i.e. in a locked room, then you will always have a chance where someone can power off and power on the box to get it to single user mode that way. The shutdown command should be only allowed for root user, so if the box is not logged in then you shouldn't have a problem with that. This procedure of rebooting to single is not a security hole, and there is no way to prevent it except having your server in a locked room with root logged out of the console. We have a key card access to our data centers.

With regard to .rhosts, it CAN be a security hole if users have one in their home directories to allow outside users onto the box. Again, we only use .rhosts on secure hosts that are trusted inside a firewall. Also, I usually disable it (comment out the lines in the file) when it is not in use, just as a precaution. But when used properly, .rhosts can be an asset.
__________________
My brain is your brain
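
The .rhosts precautions mentioned in post #10 (no entries that let outside users in, unused lines commented out) can be checked with a small audit. This is an added example, not part of any poster's message; the function names and the sample users and hosts are constructed, and it assumes one `.rhosts` per directory directly under the home root.

```shell
#!/bin/sh
# Added example: audit per-user .rhosts files under a home-directory root.
# Prints one finding per line: "<LEVEL> <file>[:<line>] <detail>".

audit_rhosts() {
    for f in "$1"/*/.rhosts; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "HIGH $f is not a regular file"
            continue
        fi
        # Writable by group or other: someone else can add trust entries.
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "HIGH $f is group- or world-writable"
        fi
        awk -v file="$f" '
            /^[ \t]*(#|$)/ { next }   # commented-out or blank line: inactive
            $1 == "+" || $2 == "+" {
                printf "HIGH %s:%d wildcard trust: %s\n", file, NR, $0; next
            }
            { printf "INFO %s:%d active trust: %s\n", file, NR, $0 }
        ' "$f"
    done
}

# Constructed sample homes (hypothetical users alice, bob, carol).
make_sample_homes() {
    d=$(mktemp -d) || return 1
    mkdir "$d/alice" "$d/bob" "$d/carol"
    printf '# trusted.example.com alice\n' > "$d/alice/.rhosts"  # disabled entry
    printf '+ +\n' > "$d/bob/.rhosts"                            # any host, any user
    printf 'build01.example.com carol\n' > "$d/carol/.rhosts"    # one named host
    chmod 600 "$d/alice/.rhosts" "$d/bob/.rhosts"
    chmod 666 "$d/carol/.rhosts"
    echo "$d"
}

if [ "${1:-}" = "--demo" ]; then
    homes=$(make_sample_homes) && audit_rhosts "$homes"; rm -rf "$homes"
fi
```

Run it with `--demo` to see the findings for the sample tree, or call `audit_rhosts` with the directory that holds your users' home directories.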