root password in a .py script

Cameron Laird claird at lairds.com
Fri Mar 12 22:03:03 CET 2004


In article <c2t43d$4od$1 at solaris.cc.vt.edu>,
Bart Nessux  <bart_nessux at hotmail.com> wrote:
>Kirk Strauser wrote:
>> 1) Why do you ever use the root password under OS X?  There's really nothing
>>    that you can't do using 'sudo'.  I literally *never* log in as root on an
>>    OS X machine.
>> 
>> 2) Out of curiosity, why are your users disabling ssh?  If they're
>smart enough
>>    to do that, aren't they smart enough to disable your script?
>> 
>> 3) Why would you store the unencrypted root password?  The 'chpass -a'
>>    command lets (actually, requires) you to specify an encrypted password.
>>    Store that in your script if you must.
>> 
>> 4) Get a 2x4, paint it black and write the word "LART" on it in blood red,
>>    and tell your users to quick changing stuff or you'll have to schedule
>>    them for "an adjustment".  Follow through once or twice if necessary.
>
>1. To administer the machine.
>2. All they have to do is click a check-box to disable ssh in OSX.
>3. I didn't know about chpass.
>4. We're informal. Admins are noramlly only called when the user has 
>*really* messed something up. We put out their fires. When we try to 
>stop them from creating fires, we become over-bearing and controlling... 
>  classic admin/user relationship.
>

I'm finally getting the picture.  You're talking about putting this
script on all two hundred desktops, aren't you?  Yes, I agree with
the others whose follow-ups have claimed this is the near-equivalent
of writing root's password on a poster in the machine room.

In regard to 2., "All they have to do is click a [different] check-
box to disable" *all* inbound connections; or ...  Well, you know
your users better than I do.  You certainly can stuff entries in
hosts' crontabs without leaving a record of the root password, though.
-- 

Cameron Laird <claird at phaseit.net>
Business:  http://www.Phaseit.net



More information about the Python-list mailing list