On Thu, Apr 3, 2014 at 2:46 PM, Przemek Klosowski <przemek.klosowski@xxxxxxxx> wrote: > On 04/03/2014 10:32 AM, quickbooks office wrote: > > "3.1.4.2.2. Disabling Root Logins > > To further limit access to the root account, administrators can > disable root logins at the console by editing the /etc/securetty file. > > This is done in the name of accountability, by forcing an administrative > login through an account attributable to a specific person. This, however, > only makes sense if there _actually_are_ such individual accounts on the > system. > > Would this proposal be acceptable if it wasn't implemented if 'root' is the > only account? > > I personally don't think even such amended proposal is a reasonable default > configuration, because systems authenticating against a domain, and having > only one local (root) account, could lock the admin out if something happens > to the network or to the domain server. > It's worse: the admin could lock themselves out just by creating another user account. --Andy -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
