On Saturday 06 December 2008, Fred Silsbee wrote: >--- On Sat, 12/6/08, Todd Zullinger <tmz@xxxxxxxxx> wrote: >> From: Todd Zullinger <tmz@xxxxxxxxx> >> Subject: Re: root in FC 10 >> To: fedora-list@xxxxxxxxxx >> Date: Saturday, December 6, 2008, 12:04 AM >> >> Gene Heskett wrote: >> >>Disabling root login is a common security practice. >> >> Sounds like it's >> >> >>been disabled by default in F10. That's got to >> >> be a good thing. >> >> > Apparently so, but then the install doesn't add >> >> the one user it asks >> >> > you to define to the sudoers file, and to fix that >> >> requires a reboot >> >> > to single mode. >> >> No it doesn't. You run "su -c visudo" and >> add the user you want. And I'll repeat myself one more time here folks, it asked for the root passwd when I tried that, but no root passwd had been set during the install. The only user defined had a passwd ok, but the error message when I was that user, and used that users passwd was "not in sudoers file, permission denied". I tried to use as few multiple syllable words as I could, so I hope I have made myself clear as there seems to be a general and widespread air of disbelief here. That was not the command I issued that spit that back at me, but I don't think the command is germain to this discussion. In fact it was my attempt to vim ifcfg-eth0 to fix the networking that wasn't that brought this to my attention. I couldn't save the changes as the only user, and sudo denied the only user because there weas no entry in the sudoers file for that user. Ergo there was no way I could effect the required config changes without rebooting to single mode. Maybe there is a better, more "politicaly correct" way to do it, but a reboot to single mode has been my preferred choice since I installed RedHat 5.0 a decade plus back up the log. I *know* that works. Now, is that clear enough to convince "Houston" that we have a problem? >> -- >> Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: >> www.pobox.com/~tmz/pgp >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> The best advice I can give is to ignore advice. Life is too >> short to >> be distracted by the opinions of others. >> -- Russell Edson >> >> -- >> fedora-list mailing list >> fedora-list@xxxxxxxxxx >> To unsubscribe: >> https://www.redhat.com/mailman/listinfo/fedora-list >> Guidelines: >> http://fedoraproject.org/wiki/Communicate/MailingListGuidelines > >disabling root access is what the root password is for > >I've been logging into root for 11.5 tears on Linux alone without problems > >It is dumb to make it impossible for everybody. > >I understand this disablement can be removed by doing something in pam.d or > whatever it is. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Taxes, n.: Of life's two certainties, the only one for which you can get an extension. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
