Re: Changing root's password
From: Lew Pitcher (Lew.Pitcher_at_td.com)
Date: 10/27/04
- Previous message: Dave Hinz: "Re: Changing root's password"
- In reply to: Ken: "Changing root's password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 27 Oct 2004 15:14:18 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ken wrote:
> I just noticed on a new Linux system that we got at work that if you
> try and change root's password as root, it does not ask you for root's
> current password before allowing the new one to be entered. I thought
> this might be something with Linux until I realized that our Solaris
> servers are the same way. Is there a reason for this? It seems
> terribly unsecure. Of course people should be either only logged in
> as root when necessary or locking their workstations, but still.
As root is already all-powerful, it's difficult to prevent him from
making direct modifications on the password database (/etc/passwd,
/etc/shadow, or the more sophisticated password management systems like
PAM).
Basically, if you have gained root access, then there's no effective
block against root's updating the password, and thus it is redundant and
unnecessary to validate root's current password.
- --
Lew Pitcher, IT Consultant, Enterprise Data Systems
Enterprise Technology Solutions, TD Bank Financial Group
(Opinions expressed here are my own, not my employer's)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
iD8DBQFBf/OGagVFX4UWr64RAtsvAJ9hqyGek6CF7TzmX2m6W4GpKAdmBQCfYAtg
wGegLX1fq9x6oHe5eqClkmY=
=ouAm
-----END PGP SIGNATURE-----
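An added example, not part of the original message: since any UID 0 process can rewrite the password database, the useful audit is who holds UID 0 and who can write those files. The sample passwd lines are constructed, and the function names are hypothetical.

```python
import os
import stat

# Constructed sample in /etc/passwd format (not from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second admin:/root:/bin/sh
ken:x:1000:1000:Ken:/home/ken:/bin/bash
"""

def uid0_accounts(passwd_text):
    """Login names whose UID is 0. Each of these is root as far as the
    kernel is concerned, whatever the account is called."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or line.startswith("#"):
            continue  # skip malformed or comment lines
        try:
            if int(fields[2]) == 0:
                names.append(fields[0])
        except ValueError:
            continue  # non-numeric UID field
    return names

def mode_allows_non_root_write(st_uid, st_mode):
    """True if an account other than root could edit the file directly:
    it is not owned by UID 0, or it is group- or world-writable."""
    return st_uid != 0 or bool(st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit(paths=("/etc/passwd", "/etc/shadow")):
    """Return the password-database files that fail the check above."""
    findings = []
    for path in paths:
        try:
            st = os.stat(path)
        except OSError:
            continue  # file absent on this system
        if mode_allows_non_root_write(st.st_uid, st.st_mode):
            findings.append(path)
    return findings

if __name__ == "__main__":
    print("UID 0 accounts in sample:", uid0_accounts(SAMPLE_PASSWD))
    print("Loosely protected files:", audit())
```

More than one name from `uid0_accounts`, or any path from `audit`, means more principals than the single root login can set root's password without knowing the current one.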