On Sat, 17 Dec 2005, Jude DaShiell wrote: > The analysis is flawed. A machine with 99 user accounts on it and a root > account with only one line in /etc/suauth with one user account on it > presents a hacker with 98 decoys and one hackable account. The hacker has to > go to the trouble of stealing a user account password not a root account > password and that is more difficult to do. I fail to see why you don't understand the problem you would create. Essentially, you would be saying that any of your 99 users may su to root without knowing the root password. Any one of them could now do whatever they want without having to put forth any effort at all. The hacker could be one of your users. If you are so concerned with the root password getting out on the Internet, then you would be much better off forbidding the use of the su command entirely, or at least blocking attempts to su to root. No ordinary user should be using it anyhow. While you are at it, prevent root logins via SSH. You can't do administration anywhere except the console this way, but it's a lot better than opening up your machine to anybody who just happens to try to su to root.
