[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] pro's and cons of not letting GUI change root password
- Subject: Re: [cobalt-security] pro's and cons of not letting GUI change root password
- From: "Jelmer Jellema" <cobalt@xxxxxxxxxxxxxxx>
- Date: Sat, 2 Mar 2002 12:31:54 +0100
- Organization: Spin in het Web (www.spininhetweb.nl)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
----- Original Message -----
From: "Mat Schaffer" <mschaffer@xxxxxxxxxxxxxxxxxxx>
> -----Original Message-----
> From: Jelmer Jellema [mailto:cobalt@xxxxxxxxxxxxxxx]
> Sent: Thursday, February 28, 2002 19:42
> - Will the button on the frontpanel still work, as to reset the root
> password? Or is this only for admin?
>
> ----------------------------
>
> AFAIK, the button will reset both passwords.
> -Mat
Nope, I checked it: it resets admin and blocks root, waiting for the admin
to change the password thru the gui, which changes / changed (depending on
the proposed change) the root password also.
So my proposal is now:
- comment out the line in the admin script that changes the root password
when the admin password is changed
- change the pwreset script to reset the root password also, or (better,
maybe) set it to some well known password that is just a bit better than
anyone being able to perform su without typing anyting.
Jelmer