[Freeipa-users] Administration question: root user

Stephen Gallagher sgallagh at redhat.com
Wed Jun 6 14:14:48 UTC 2012


On Wed, 2012-06-06 at 06:59 -0700, Joe Linoff wrote:
> Hi Folks:
>
> I am a newbie so I apologize in advance if this is a silly set of
> questions. I am using FreeIPA 2.1.3 on CentOS 6.2 and am very happy
> with it but I have a couple of questions about root access. When I
> set up my systems, I configured root manually on each of them.
>
> Does it make sense to define the root user in FreeIPA?

No, this is unsafe. You always want to be able to log in locally as root
if something goes wrong. We specifically exclude 'root' from being
managed by SSSD for this reason.

>
> Is it desirable from a security and administration perspective? 

Absolutely not. Your better bet would be to maintain SUDO rules on each
of the systems instead.

>
> If it does make sense, is it as simple as adding the “root” user in
> “ipa user-add”?

Please don't :)
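
A way to audit the two conditions this reply relies on (root defined locally, root excluded from SSSD), as an added example that is not part of the original message or of the FreeIPA/SSSD code. The function names and sample files are hypothetical; it assumes the documented sssd.conf default of `filter_users = root` and inspects only the `[nss]` section.

```shell
#!/bin/sh
# Added example: audit that root stays a local account outside SSSD's reach.
# File paths are arguments so the checks can run on constructed samples.

# Succeeds when the passwd file has exactly one "root" entry and it is UID 0.
root_is_local() {
    awk -F: '$1 == "root" { total++; if ($3 == 0) uid0++ }
             END { exit !(total == 1 && uid0 == 1) }' "$1"
}

# Succeeds when [nss] either leaves filter_users unset (assumed default:
# root) or sets it to a list that still contains root.
sssd_filters_root() {
    awk '
        /^[ \t]*\[/ { in_nss = ($0 ~ /^[ \t]*\[nss\]/); next }
        in_nss && /^[ \t]*filter_users[ \t]*=/ {
            seen = 1
            sub(/^[^=]*=/, "")
            n = split($0, names, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", names[i])
                if (names[i] == "root") found = 1
            }
        }
        END { exit (seen && !found) }' "$1"
}

# Constructed sample files (not taken from any real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'root:x:0:0:root:/root:/bin/bash\njoe:x:1000:1000::/home/joe:/bin/bash\n' > "$tmp/passwd"
printf '[sssd]\nservices = nss, pam\n[nss]\nfilter_groups = root\n' > "$tmp/sssd_default.conf"
printf '[nss]\nfilter_users = apache, nobody\n' > "$tmp/sssd_bad.conf"

for conf in "$tmp/sssd_default.conf" "$tmp/sssd_bad.conf"; do
    if root_is_local "$tmp/passwd" && sssd_filters_root "$conf"; then
        echo "OK:   $conf keeps root local"
    else
        echo "FAIL: $conf does not exclude root from SSSD"
    fi
done
```

On a real host the arguments would be `/etc/passwd` and `/etc/sssd/sssd.conf`, the latter readable only by root.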
