Root, su, sudo...
Fresh-Faced Recruit
Join Date: Aug 2002
Location: Concord, CA
Ok I am not too familiar with unix so please bear with my ignorance...
Is it just me, or does it seem that any user with GID = 0 (wheel), 20 (staff), 80 (admin) can change the root password?
And for sudo, does it ask specifically for the root password or anything else? I typed in my OWN password and it worked...? (No I am not logged in as root)
What are the differences between group Admin and Wheel?
And lastly...how can I disable root-ssh-ing? (Disable root to log in from remote)
Thanks...
Daytona
Fresh-Faced Recruit
Join Date: Dec 2001
Location: Boston
Root is disabled in OS X and any user with Administrator privileges can execute commands requiring root permissions using sudo and their own password.
You can enable the root user a couple ways -- check MacOSXHints -- and I had it enabled for a while. After over a year of using OS X, though, I can't think of a valid reason to enable it unless all you do is install software with fink or something. sudo pretty much does everything you need.
As long as you haven't enabled the root user, you can't ssh in as root--only as a user with Administrator privileges.
I'm Course VI
Senior User
Join Date: Jan 2000
Root's enabled, but its password is set to *, preventing traditional root logins. You can still get a root shell by typing 'sudo -s' at the prompt.
Users created in System Preferences and designated administrators are added to three groups: staff (20), admin (80) and wheel (0). Non-admin users are in staff only. If you're creating other accounts on your machine, and fear they might damage the system, don't give them admin accounts. Users in admin and wheel can execute sudo; users in staff alone cannot.
If you want to be extra careful about disabling root ssh logins, edit your /etc/sshd_config file. Look for this line:
PermitRootLogin yes
and change it to read
PermitRootLogin no
It looks like the creator of the file was careful to keep the width under 80 characters, so you can edit it safely with pico, if you must.
Once you've made your changes, save the file, and restart your ssh server, if you've got it running. The easiest way to do this is simply to open the Sharing pane of System Preferences, and uncheck "Allow Remote Login", wait for it to shut down ssh, then click it again to start it up.
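Added example, not part of the original posts: a shell check for the PermitRootLogin edit described above. It goes slightly beyond the post by also covering commented-out lines, repeated lines (sshd uses the first value it reads) and Match blocks; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit PermitRootLogin in an sshd_config file.

# Print the global value in force, or "unset" if no active line sets it
# (a line starting with # is a comment, so the built-in default applies).
global_permit_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }                           # drop leading whitespace
        /^#/ || /^$/ { next }                            # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " "); kw = tolower($1) }  # keywords are case-insensitive
        kw == "match" { exit }                           # global section ends at first Match
        kw == "permitrootlogin" { print $2; found = 1; exit }  # first value wins
        END { if (!found) print "unset" }
    ' "$1"
}

# Print "<line number>: <value>" for each PermitRootLogin inside a Match block.
match_overrides() {
    awk '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        { sub(/[ \t]*=[ \t]*/, " "); kw = tolower($1) }
        kw == "match" { in_match = 1; next }
        in_match && kw == "permitrootlogin" { print NR ": " $2 }
    ' "$1"
}

# Succeed only if root login is explicitly "no" and no Match block changes it.
root_login_disabled() {
    [ "$(global_permit_root_login "$1")" = "no" ] || return 1
    if match_overrides "$1" | grep -qv ': no$'; then return 1; fi
    return 0
}

# Constructed sample: an active "no" after a commented-out line, a later
# duplicate that is ignored, and a Match block that re-enables root login.
sample_config() {
    cat <<'EOF'
#PermitRootLogin yes
permitrootlogin no
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
EOF
}

# Usage: sh check_root_login.sh /etc/sshd_config
if [ $# -gt 0 ]; then
    echo "global PermitRootLogin: $(global_permit_root_login "$1")"
    if root_login_disabled "$1"; then echo "root SSH login disabled"; else echo "root SSH login NOT disabled"; fi
fi
```

On a host with sshd installed, `sshd -T` run as root prints the effective configuration and is the authoritative cross-check.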
Mac Elite
Join Date: Oct 2000
Location: Caracas, Bolivarian Republic Of Venezuela
Originally posted by Daytonaaaaa:
Is it just me, or does it seem that any user with GID = 0 (wheel), 20 (staff), 80 (admin) can change the root password?
By default, users in the admin group (80) have access to sudo.
Check out the 'visudo' command.
Moderator
Join Date: May 2001
Location: Hilbert space
You don't have to enable anything. If your user is in the group wheel, you could always do either
sudo -s
or
sudo su
You only need the password of the user who is in the group wheel (i.e. the user that is logged in).
Works for me (I don't see any reason why I would need a graphical login as root).
I don't suffer from insanity, I enjoy every minute of it.