On Tue, Nov 26, 2019 at 09:45:44AM +0100, Dominique Martinet wrote: > FWIW this has happened at an association I help at -- they had VMs with > no root password set, and users created by puppet some of whom have > sudo. > They just expected no root password = no login possible, but it turns > out 'su' just gave out a root shell with no password entered... > > It's easy to fix once I realized that, but it had been that way for > quite a while until then; I'd definitely support removing nullok on the > default install. At least with Fedora 31 the root-Password is invalid by default, so I guess it has been set to an empty password explicitely. I'd classify this more as a bug in the puppet-scripts, as it sounds like it touched security relevant stuff on installation, without admins being aware of it. All the best, David
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
