The "locked box" approach is probably not used in very large
enterprises. At least not where I work (> 100,000 employees, > 98,000
Tier 3 workstations.)
Bob
On 06/15/2009 03:14 PM, Phil Meyer wrote:
Mike Dwiggins wrote:
I installed Fedora 11 on a dual-boot machine. When I booted up on
the Fedora partition I went straight to /etc/pam.d/gdm and deleted
the line which keeps out root as a login.
I still cannot login as root! Did this version hide a block on root
somewhere else?
Many have answered properly here, but it may not be common knowledge
how it is done professionally in large shops.
In most big data centers, the root password is not known to anyone,
but is kept in a sealed envelope in a locked drawer at the operations
center, which is manned 24x7. It takes manager approval to open the
desk, lock-box, envelope, and get the root password.
Consider that, next time you 'think' you need to log in as root. I
personally have administered UNIX/Linux systems for years at a time
without ever typing the root password, or logging in as root.
During automated installs, and all large shops do/should be doing
automated installs, the root password is set.
Management, and the operations staff can set the root passwords across
all systems at once, and without notice to me or any other administrator.
In fact, normal users cannot log into most systems, and administrators
can only log in remotely with ssh keys (no passwords) to the systems
that they administer.
Just a thought. It was never intended that casual users ever log in
as root on any UNIX based system, and should have been less prevalent
on Linux for many years.
I myself, felt it necessary to log in as root on Linux systems for one
post install session, up until about Fedora 2. But not since then.
Good Luck!
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
