|
|
disable root, sudoers
The answers to your questions are "no" and "yes."
By default, root is disabled (as indicated by the "*" in the passwd field in the NetInfo database). One suggestion I might make is to go ahead and enable the root user in NetInfo Manager and assign a strong, nontrival password. Then, disable the root user again. This marginally increases the security of your system. But of course, there are many ways to reset the System Administrator's password...
The sudoers file indicates: # User privilege specification root ALL=(ALL) ALL %admin ALL=(ALL) ALLIn other words, anything root can do, an admin user can do.
disable root, sudoers
In other words, anything root can do, an admin user can do. Including becoming root. If you can sudo, you can "sudo -s", which gives you persistent root access. The only advantage is that, if you disable root, you can restrict who is able to sudo. That is, "root" is a guessable user name, but perhaps the single user that you've allowed to sudo is not. Otherwise it appears to be just as much of a security issue. |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.08 seconds |
|