root password in a .py script
Cameron Laird
claird at lairds.com
Fri Mar 12 16:03:03 EST 2004
In article <c2t43d$4od$1 at solaris.cc.vt.edu>,
Bart Nessux <bart_nessux at hotmail.com> wrote:
>Kirk Strauser wrote:
>> 1) Why do you ever use the root password under OS X? There's really nothing
>> that you can't do using 'sudo'. I literally *never* log in as root on an
>> OS X machine.
>>
>> 2) Out of curiosity, why are your users disabling ssh? If they're
>smart enough
>> to do that, aren't they smart enough to disable your script?
>>
>> 3) Why would you store the unencrypted root password? The 'chpass -a'
>> command lets (actually, requires) you to specify an encrypted password.
>> Store that in your script if you must.
>>
>> 4) Get a 2x4, paint it black and write the word "LART" on it in blood red,
>> and tell your users to quick changing stuff or you'll have to schedule
>> them for "an adjustment". Follow through once or twice if necessary.
>
>1. To administer the machine.
>2. All they have to do is click a check-box to disable ssh in OSX.
>3. I didn't know about chpass.
>4. We're informal. Admins are noramlly only called when the user has
>*really* messed something up. We put out their fires. When we try to
>stop them from creating fires, we become over-bearing and controlling...
> classic admin/user relationship.
>
I'm finally getting the picture. You're talking about putting this
script on all two hundred desktops, aren't you? Yes, I agree with
the others whose follow-ups have claimed this is the near-equivalent
of writing root's password on a poster in the machine room.
In regard to 2., "All they have to do is click a [different] check-
box to disable" *all* inbound connections; or ... Well, you know
your users better than I do. You certainly can stuff entries in
hosts' crontabs without leaving a record of the root password, though.
--
Cameron Laird <claird at phaseit.net>
Business: http://www.Phaseit.net
More information about the Python-list
mailing list