On Sunday 17 Jan 2010 20:56:31 genericmaillists@xxxxxxxxx wrote:
>
> I will never use any of the Ubuntu distros because they pose a
> security risk having the root account tied directly to the first user
> account. Once an intruder breaches that user account the entire OS is
> compromised.
> ___________________________________________________
> This message is from the kde mailing list.
> Account management: https://mail.kde.org/mailman/listinfo/kde.
> Archives: http://lists.kde.org/.
> More info: http://www.kde.org/faq.html.
>
All that is necessary to allay your fears is to activate the root account, and
disable the special privileges for the the first user account.
Warning: if you are one of those who hate and fear the command line, then this
is not for you - if in doubt don't. In any case read the man pages for
'passwd',' sudo' and 'visudo'. You will need to know how to use a command line
text editor such as vi.
Firstly, activate the root account:
At a TERMINAL, enter sudo su. This will give you an all powerful root shell.
Make a copy of the /etc/passwd file as /etc/passwd.orig
Use vi to edit the /etc/passwd file. The first entry is for the root account.
At the end you will find an entry like "/bin/false". Change to
/bin/bash and save.
You will now have an active root account but WITHOUT a password.
Use the 'passwd' command to set a root password.
Check that everything works. At a fresh terminal, enter su
You will be prompted for the root password, and if all is OK, you will have a
nice root shell.
Unless you are perfectly satisfied with the results so far - go no further.
Now you can disable the special privileges of the first user.
In a ROOT shell, run the command visudo. Comment out the line containing the
name of the first user. Save and exit.
Now the first user has no special privileges.
If you wish to restore privileges in the future, just uncomment the line.
As an extra precaution, disable direct root logins at a console by making sure
that there are no entries in the /etc/securetty file. This means that to get a
root shell, a user must sign in with his/her own password combination and then
'su' to root. Thus instead of one piece of information, three are need to get
root access.
Also if you have an SSH remote login, ensure that the configuration is set to
forbid root logins.
Hope this helps
Basil Fowler
___________________________________________________
This message is from the kde mailing list.
Account management: https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.
