Re: [cobalt-users] Question: Will making root pword diff from admin cause trouble?



At 02:52 PM 7/23/01, you wrote:
"Peter Low" <peterlow@xxxxxxxxxxxxxxxxxx> wrote:
> At 03:17 PM 7/20/01 -0400, you wrote:
> >"Michael" <mike@xxxxxxxxxx> wrote:
> > > Quick question. In order to beef-up security I changed the root
> > > password to something different from the admin password.
> > > I did this in an ssh shell.
> >
> >Smart move.  It doesn't break the GUI, works great, advantages = ALL,
> >disadvantages = NONE.
>
> I don't know if anyone else has pointed this out yet (emails seem to take a
> long time to post to the list), but if someone changes the admin password
> through the GUI, the root password is set to the new admin
> password.  Changing the root password may not provide as much security as
> you think.

Right.  The original poster knew that and stated as much.  It's a false
sense of security unless you move the GUI to a new hard to guess location.
A quick edit of srm.conf and Apache restart and you're good to go.  If
someone wants to get into your box and has the skills they probably will,
but if they just want to get into *a* box, then perhaps a little added
security will help them decide to knock somewhere else.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/

Hi, as one further step towards security, you can also take away the admin user's shell access. This means that even if the password is reset through the GUI, thereby making it the same as root's again, the admin account still _cannot_ get to the shell... not that someone can't do tons of damage through the GUI.

Diana
Crest Communications, Inc.		diana@xxxxxxxxxxxxx
Beautiful Sunny Florida		http://crestcommunications.com/
352-495-9359, 425-732-9785 fax