> > One of the things I have learnt over the last two decades > administrating Unix and Linux systems, is that sometimes > there can be such a thing as too much security. I have > had intel based pc systems that were hardened so much that > even with physical access to the system it took a drill > to remove the case locking mechanism in order to access > the motherboard to erase the bios password before being able > to boot with a recovery disk. Once the recovery disk was > loaded I was able to change the "admin" users password to > gain access to the system, after the customer "lost" the > password, when an employee left. On that system I had > disabled root from being able to be logged in from all tty's > and the console, only the "admin" user was able to log in > from the console. That customer opted for less security on > the next system. > > If you want that kind of security, get a good steel case > and check out the Bastille Linux project. t reminds me of a day that will live in infamy when not realizing that they were using shadow passwds I erased the x in the passwd field of the root account. That cause the company I was consulting for $1,500. I know it was a zenith of my stupidity that day and it was on an At&T Unix box that had no way to boot to run level 1. I did a similar thing recently on an OS X box where booting to run level 1 is possible. That will teach people to allow me to administer an OS X box with mysterious commands that are not reversible. I am really not that incompetent but never try to administer a machine you do not understand. -- ------------------------------------------- Aaron Konstam Computer Science Trinity University telephone: (210)-999-7484