Root Access

Robert L Cochran cochranb at speakeasy.net
Mon Jun 15 21:38:44 UTC 2009


The "locked box" approach is probably not used in very large 
enterprises. At least not where I work (> 100,000 employees, > 98,000 
Tier 3 workstations.)

Bob


On 06/15/2009 03:14 PM, Phil Meyer wrote:
> Mike Dwiggins wrote:
>> I installed Fedora 11 on a dual-boot machine.  When I booted up on 
>> the Fedora partition I went straight to /etc/pam.d/gdm and deleted 
>> the line which keeps out root as a login.
>> I still cannot login as root!  Did this version hide a block on root 
>> somewhere else?
>>
>
> Many have answered properly here, but it may not be common knowledge 
> how it is done professionally in large shops.
>
> In most big data centers, the root password is not known to anyone, 
> but is kept in a sealed envelope in a locked drawer at the operations 
> center, which is manned 24x7.  It takes manager approval to open the 
> desk, lock-box, envelope, and get the root password.
>
> Consider that, next time you 'think' you need to log in as root.  I 
> personally have administered UNIX/Linux systems for years at a time 
> without ever typing the root password, or logging in as root.
>
> During automated installs, and all large shops do/should be doing 
> automated installs, the root password is set.
>
> Management and the operations staff can set the root passwords across 
> all systems at once, and without notice to me or any other administrator.
>
> In fact, normal users cannot log into most systems, and administrators 
> can only log in remotely with ssh keys (no passwords) to the systems 
> that they administer.
>
> Just a thought.  It was never intended that casual users ever log in 
> as root on any UNIX-based system, and should have been less prevalent 
> on Linux for many years.
>
> I myself felt it necessary to log in as root on Linux systems for one 
> post-install session, up until about Fedora 2.  But not since then.
>
> Good Luck!
>



