root user

[Chris Green]

On Sun, Jan 01, 2012 at 11:05:49AM -0500, AV3 wrote:
> On Jan/1/2012 6:5435 AM, Earthson wrote:
> >root is disabled, and it does not have a passwd. if you really want to
> >use "root", just set a passwd for it.
> >
> >command:
> >
> 
> 
> You can do this, but it is not a good idea. The major security
> advantage of Unix OS's over Windows is afforded by their disabled
> root accounts inaccessible to outside intruders. Keep it that way,
> unless you have a truly compelling reason to risk your root
> account's security for.
> 
I have never quite followed this security reason for not enabling root.

If someone guesses/finds the "sudo to root" user's password then they
can get to do nasty root things just as easily as if the root account
was enabled and they guess the root password.

To my mind the only major advantage of using sudo rather than having a
root password is simply that it leaves an audit trail of who did what.

A root password actually adds a little security if remote root login is
not allowed, you have to know two passwords, one for a user login and
one for a root login, to get root access.

However, having said all that, for *simplicity* then a user with sudo
access does make support etc. much easier and on single user home Linux
systems that is a major advantage.

-- 
Chris Green