On 3 February 2015 at 10:31, Always Learning <centos@xxxxxxxxxxx> wrote: > If testing then a one character password is very acceptable to me. Why > should some arrogant nutter impose an arduous ultra secure password when > a simple one character password will suffice ? Who knows the machine, > the deploying environment and the circumstances better ? The user or > some anonymous and arrogant nutter perhaps many thousands of miles (or > kilometers) away ? I know its hard to believe, but you are not the only one using this OS. There are a broad range of users with a broad range of experience using the OS in a broad range scenarios. One important group is new users with limited experience and knowledge about security. This is an important group to protect. More experienced users understand this and put up with, or work around, the occasional inconvenience. This is not arrogance, this is about being a responsible member of a community. It is important for all of us to encourage (and discuss) good security practices, as well as discourage (and refute) poor practices. Ultimately, this make our community a safer place. It is my, perhaps naive, hope that members of our community are Always Learning about good security practices and emerging threats to the OS. The root password is close to, if not actually, our last line of defense (SELinux helps us here by the way). Using a one character password is problematic if you are connected to the internet, for example, if you are _testing_ the OS and want to run updates after the install. This is problematic since, by default, new installs typically allows SSH access and root logins over SSH. Yes, firewalls help, but they need to be configured correctly, and there are subtle tricks that sophisticated attackers can exploit to subvert poorly configured firewalls. If you really want to do this, I'd suggest running your test system in some kind of DMZ to prevent any exploit cascading into the rest of your network. It may just be easier to pick a "good" but easy to type root password that you use for all your test machines. Also, its a good idea to make sure you always turn off your test machines when not in use, and to disable them once you are finished testing (so they can't be accidentally turned on in the future). Hope this helps. Kal _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos