On Tue, 2019-11-26 at 08:14 -0800, Adam Williamson wrote:
On Tue, 2019-11-26 at 09:45 +0100, Dominique Martinet wrote:
> Adam Williamson wrote on Mon, Nov 25, 2019 at 03:55:28PM -0800:
> > I gotta say +1 too. I don't buy that there's a significant
'hardening'
> > benefit worth all the effort mentioned in the Change *plus* the
> > additional consequences Kevin and Martin pointed out. At minimum I'd
> > like to see a much more convincing case that people are creating users
> > without passwords without understanding what they're doing.
>
> FWIW this has happened at an association I help at -- they had VMs with
> no root password set, and users created by puppet some of whom have
> sudo.
> They just expected no root password = no login possible, but it turns
> out 'su' just gave out a root shell with no password entered...
Uh. This sounds odd. How exactly did they do this? Making a root
account with no password is not that easy; you can't do it
interactively through anaconda, I don't even know if you can do it with
a kickstart. So they figured out how to do it post-install but somehow
didn't at the same time figure out what doing it means?
Never mind, I see this was answered already.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net