[PATCH] su: support denying accounts with blank password
Natanael Copa
ncopa at alpinelinux.org
Mon Oct 12 10:07:22 UTC 2015
On Thu, 1 Oct 2015 19:39:00 +0200
Denys Vlasenko <vda.linux at googlemail.com> wrote:
> I tested
>
> $ su --version
> su (GNU coreutils) 8.17
>
> and it allows su to root w/o asking for password if it is null.
>
> busybox does the same.
su was removed from GNU coreutils since 8.18:
http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=commit;h=928dd73762e69cfeaab4a7ec9dd8f30f86a45ed4
It says that util-linux is the new place for it.
> If there is the need to disallow people to be able to log in as root,
> you should set root password.
>
> If you set password hash to an invalid hash, you can even make people
> to be unable to ever login as root - there is no valid password then
> (passwd -l does this).
And what if you need remote root users to log in with ssh key for
remote administration but in emergency situations you need a local
technician to log in locally?
Do you recommend using a default password? eg user 'root', password
'admin'?
How do you then ensure that the privilege separation is effective?
Daemons runs as non-root for a reason: if the service gets compromised
they get only limited access. If a compromised service can just su and
pass a default password, why bother running the service as different
user in first place?
-nc
More information about the busybox
mailing list