Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.6: Enable root user on Snow Leopard' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.6: Enable root user on Snow Leopard
Authored by: corienti on Sep 30, '09 02:23:24PM

Glad to see such a refreshing (and correct!) summary.
As long as sudo is configured as it is by default, it's functionally equivalent to having the root account "enabled".

The only other reason worth mentioning to not have root enabled is that if it's enabled and ssh is enabled and the root password is brute-forceable (ie able to be guessed) then a remote attacker is straight in.
Whereas if root is not enabled, even if you have a weak password, the remote attacker first needs to correctly guess or determine your account username, before even having a hope of bruteforcing/guessing the password.

NB, technically the root account is never disabled at all; you merely cannot log into it with a password, as no password is set.
Using "sudo bash" you are running as root. The account is not disabled at all. There is really no such thing as disabling an account on a unix system; just disabling login-by-password.



[ Reply to This | # ]