disabling root and olpc passwords
M. Edward (Ed) Borasky
znmeb at cesmail.net
Sat Jan 12 19:45:09 EST 2008
Mikus Grinbergs wrote:
> The 2008-1-12 OLPC News says "... so that we can finally disable the
> root and olpc passwords".
>
> The way I have my G1G1 system set up (I have no wireless) I *need*
> to ftp in. For that, I have set a password for olpc. It would be
> ok with me to set up a different user+password for ftp, but would
> *not* be ok for password support to be "disabled".
>
> Also, I don't believe in the "political correctness" of not using
> root. I do need to install/remove/change things as root, and
> *strongly* prefer not to use 'sudo' for that -- I log in as root,
> and am willing to take the risk of committing a disastrous mistake.
> Here, too, having a password seems "natural" to me.
>
> I agree with the aim of making the OLPC simple to use, but please
> don't take passwords away entirely.
>
> mikus
>
>
> p.s. I presume the existing 'passwd' command was taken from Fedora.
> It is too paranoid, forbidding too_short passwords,
> too_homogeneous passwords, too_similar passwords, etc., etc., etc.
> Such rules may be needed for a datacenter - but for a schoolroom?
>
>
> _______________________________________________
> Devel mailing list
> Devel at lists.laptop.org
> http://lists.laptop.org/listinfo/devel
>
Typical Linux practice is the following:
1. One *never* allows remote shell login as "root" -- *ever* -- even
behind a firewall. One allows only *one* user in the "wheel" group to
log in to a shell account, and then *only* via "ssh".
2. When root access is needed, "sudo" is used, with the least permissive
mode possible.
3. "ftp" is done using "sftp" and/or "scp". For Windows clients, there's
PuTTY.
Anything less than this level of security is a bad habit -- a *very* bad
habit. Please don't encourage such habits, or ask the open source
community to cater to them.
More information about the Devel
mailing list