Ridding myself of root passwords?

Lonnie Olson lists at kittypee.com
Tue Feb 4 09:16:26 MST 2014


On Mon, Feb 3, 2014 at 8:41 PM, Jima <jima at beer.tclug.org> wrote:
> Since I haven't seen anyone address it, you probably don't want to
> completely invalidate root's password, on the off-chance the system ends up
> booted into single-user mode (e.g., in the event an at-boot fsck softfails).
> Sure, there are ways around it (booting with init=/bin/sh for instance), but
> it's something to keep in mind.

I disagree.  The security benefits of disabling root by far outweigh
the drawbacks of the rare occurrence you speak.  Also, as you already
mentioned, the solutions are simple and many.

In addition, disabling root enforces good admin practice.  Admins
should not use a single shared account (root, Administrator, etc).
This enables better authentication, authorization, and accounting.
Enables simple, non-intrusive disabling of an administrator's access
should they leave the company.  And many others.


More information about the PLUG mailing list