[PATCH] su: support denying accounts with blank password

Alain Mouette alainm at pobox.com
Thu Oct 1 18:42:40 UTC 2015


Why would you want to completely disable root login?

If it is a security feature, how can it be used? It can be interesting 
to avoid escalating privileges, but then how to do administrative 
tasks? (assuming ssh root login is disabled too)

Thanks,
Alain


On 01-10-2015 14:39, Denys Vlasenko wrote:
> I tested
>
> $ su --version
> su (GNU coreutils) 8.17
>
> and it allows su to root w/o asking for password if it is null.
>
> busybox does the same.
>
> If there is the need to disallow people to be able to log in as root,
> you should set root password.
>
> If you set password hash to an invalid hash, you can even make people
> unable to ever log in as root - there is no valid password then
> (passwd -l does this).
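The two cases from the quoted reply, an empty password field versus a locked one, as an added example that is not part of the original thread or of BusyBox. It audits shadow(5)-format text; the sample entries, placeholder hashes and function names are constructed for illustration, and it assumes a leading `!` or `*` marks a field that no password can match.

```python
"""Classify shadow(5) entries by how the password field behaves for su/login."""
from typing import Dict, List

# Constructed sample in shadow(5) format; the hashes are placeholders, not real.
SAMPLE_SHADOW = """\
root::16709:0:99999:7:::
admin:$6$examplesalt$PLACEHOLDERHASH:16709:0:99999:7:::
daemon:*:16709:0:99999:7:::
backup:!$6$examplesalt$PLACEHOLDERHASH:16709:0:99999:7:::
malformed-line-without-fields
"""


def classify_field(pw: str) -> str:
    """Return 'blank', 'locked' or 'set' for one shadow password field."""
    if pw == "":
        # Null password: per the thread, su lets the caller in without asking.
        return "blank"
    if pw[0] in "!*":
        # Assumption: '!' (as prepended by passwd -l) or '*' makes the stored
        # string an invalid hash, so no typed password can ever match it.
        return "locked"
    return "set"


def audit_shadow(text: str) -> Dict[str, List[str]]:
    """Group account names by password state; keep unparsable lines apart."""
    report: Dict[str, List[str]] = {
        "blank": [], "locked": [], "set": [], "malformed": []
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) < 2 or not fields[0]:
            # Never guess at a broken entry; surface it for manual review.
            report["malformed"].append(line)
            continue
        report[classify_field(fields[1])].append(fields[0])
    return report


if __name__ == "__main__":
    for state, names in audit_shadow(SAMPLE_SHADOW).items():
        print(f"{state:9} {', '.join(names) or '-'}")
```

Accounts reported as `blank` are the ones the reply says to fix by setting a password; `locked` accounts already have no valid password.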


