[EMAIL PROTECTED] wrote:
On Fri, Nov 25, 2005 at 01:33:34PM +0200, Maxim Vexler wrote:
On 11/25/05, Robert Brockway <[EMAIL PROTECTED]> wrote:
Anyone wanting to lock the root account (not a good idea IMHO) should have
a root enabled session (sudo, su or whatever) put to the side and not
touched during the procedure. This session would be used only to reverse
the procedure if it was found that establishing superuser privs was no
longer possible in new sessions.
In the worst case, couldn't someone just boot from a livecd, run
[passwd root], then [cat /etc/shadow | grep root] on the livecd and
finally simply copying that entry into the locked out system shadow
file ?
That's doing it the hard way. Just pass "init=/bin/sh rw" to the kernel
with your bootloader, and do:
# passwd root
# mount -o ro,remount / && reboot
If your bootloader has a password and you've lost that, you can use a
boot disk, but you still shouldn't muck around with the passwd & shadow
files directly, probably ever. Just mount the root filesystem and
chroot /mnt passwd (or visudo) as root.
Well, to hack a PC with physical access is easy.
That is why i'm krypted my hd with blowfish-256.
It will take thousands of years to hack :-)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
