[techtalk] Re: techtalk digest, Vol 1 #445 - 11 msgs

Caitlyn Martin caitlynmaire at earthlink.net
Sat May 12 10:48:02 EST 2001


Hi, Linda and everyone else,

> But again, if it is a 'recovery thing' where is the documentation?  Why
> wasn't it clearly in the manual?

Which manual?  There is no "Linux manual" per se.  It depends on how well the
individual distro documents things and writes their manual.  It *is* in the
current Red Hat manual, but isn't in Mandrake's or Caldera's, both of which
have relatively poor documentation.  It's in the man pages as well, which are
standard *nix documentation.

> Why bother having passwords if anybody can get around them?  Don't you think
> that by putting encrypted passwords on a computer one would be led to
> believe that a password was needed to gain entry?  Especially since Linux
> makes such a big deal about how secure it is.

You are *way* off base here.  Linux is about as secure as any OS out there.  A
remote user cannot log in using single user mode.  Most businesses have a
computer room to which only authorized people have access.  We use *physical
security* to ensure that unauthorized personnel don't get around the passwords.

I work in a major government computer center.  We have badge access (in and
out) as well as genuine real live security personnel.  We use AIX, Solaris,
IRIX, HP-UX, and Linux.  All have this feature, which, as someone pointed out,
is absolutely a requirement to recover a system where the root password has
been lost.  Imagine a user with sudo "all" rights who isn't supposed to change
root does, either deliberately or accidentally.  How do you, as the admin
responsible for that system, get it?  FWIW, on the IRIX I support I do
password protect single user mode, but someone with an IRIX boot CD can get
around that in a heartbeat.

> Yes you can pull out the hard drive and stick it in another machine.  You
> can take a crow bar to my back door and get in my house as well.

Yep.

> But if all your neighbors had a pass key to your house when you bought it
> and you were not told about it wouldn't you feel a bit violated?

You are comparing apples and oranges.  Single user mode is very well
documented.  You just didn't have very good docs or didn't know where to look.

> That is how this is... a hidden way in, and it leads one to wonder what else
> is hidden and why.

Argh!  It *isn't* hidden.  Not at all.

Look, if you know of a better operating system, please enlighten us.  Don't
tell us this is M$ all over again.  It is relatively easy to secure a Linux
box.  It is virtually impossible to secure a M$ one.

Regards,
Caity





