Project

General

Profile

Actions

Bug #579

closed

root account locking after installation

Added by Peter Ludikovsky over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
Start date:
2010-12-28
Due date:
% Done:

0%

Estimated time:
Difficulty:
Tags:

Description

By default the password for the root user is expired instead of a locked account or similar. A regular 'su -' will show a password changing prompt, allowing anyone to set a root password without previous authentication (eg. if a machine is left unattended and unlocked).

Instead the account should be locked or, if not possible due to scripts requiring this state, have a random password (like in Ubuntu), requiring user authentication prior to changing the password.


Related issues

Is duplicate of OpenIndiana Distribution - Bug #636: Fix graphical installer to prevent root password expiringClosed2011-01-16

Actions
Actions

Also available in: Atom PDF