Bugzilla – Bug 1213159
[request] Lock root account by default
Last modified: 2024-04-17 15:33:20 UTC
Since MicroOS aims to keep administration as small as possible, it makes sense to consider blocking the root account by default.

Original comment: https://www.reddit.com/r/openSUSE/comments/14u7ka1/comment/jr60ogz/?utm_source=share&utm_medium=web2x&context=3

P.S. By the way, there have already been similar discussions, but regarding ALP: https://bugzilla.opensuse.org/show_bug.cgi?id=1203978
Investigating
We cannot just lock the root account since the default sudo configuration requires you to authenticate as root. If we want to lock the root account we also need to change the sudoers configuration, more exactly, remove or invert the statement 'Defaults targetpw'.

Maybe I'm stating the obvious here but I think it's good to keep it in this report as well.
(In reply to dopice from comment #2)
> We cannot just lock the root account since the default sudo configuration
> requires you to authenticate as root. If we want to lock the root account we
> also need to change the sudoers configuration, more exactly, remove or invert
> the statement 'Defaults targetpw'.
>
> Maybe I'm stating the obvious here but I think it's good to keep it in this
> report as well.

Thanks for the obvious. The implementation in testing right now configures sudo for the wheel group and disables targetpw for the wheel group.

I keep everything else as the default openSUSE config because a) I'm lazy and b) it's easier if Aeon does its own thing without touching the universal defaults.
Current prototype images don't have a root account set
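
Added example, not part of the bug report or of the MicroOS/Aeon implementation: a shell check for the dependency discussed in this thread, namely that a locked root account is only usable once `targetpw` no longer applies to the admin group. The function names, the simplified Defaults precedence model, the `Defaults:%wheel !targetpw` form of the override and the sample sudoers/shadow contents are assumptions constructed for illustration.

```shell
# Print yes/no: is targetpw in effect for members of group $2 in sudoers file $1?
# Simplified model: a global "Defaults" line applies first, "Defaults:%group" overrides.
targetpw_in_effect() {
    awk -v scope="Defaults:%$2" '
        /^[ \t]*#/ { next }
        $1 == "Defaults" || $1 == scope {
            line = $0
            sub(/[ \t]*(#.*)?$/, "", line)          # trailing comment and blanks
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", line)   # the Defaults keyword itself
            n = split(line, flag, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (flag[i] == "targetpw")  val[$1] = "yes"
                if (flag[i] == "!targetpw") val[$1] = "no"
            }
        }
        END {
            r = "no"                                # compiled-in default is off
            if ("Defaults" in val) r = val["Defaults"]
            if (scope in val)      r = val[scope]
            print r
        }' "$1"
}
# Print locked/empty/set for root from a shadow-format file $1.
root_pw_state() {
    awk -F: '$1 == "root" {
        if ($2 == "") print "empty"
        else if ($2 ~ /^[!*]/) print "locked"
        else print "set"
    }' "$1"
}
# $1 = sudoers file, $2 = shadow file, $3 = admin group
check_root_lock() {
    tp=$(targetpw_in_effect "$1" "$3"); st=$(root_pw_state "$2")
    if [ "$st" = locked ] && [ "$tp" = yes ]; then
        echo "BROKEN: root is locked, but sudo asks $3 members for the root password"
    elif [ "$st" = locked ]; then
        echo "OK: root is locked and $3 members authenticate with their own password"
    else
        echo "NOTE: root password state is $st"
    fi
}
# Constructed sample files (not copied from a real system).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf 'root:!:19700::::::\n' > "$tmp/shadow"
printf 'Defaults targetpw   # ask for root password\nALL ALL=(ALL) ALL\n' > "$tmp/sudoers.default"
printf 'Defaults targetpw\nDefaults:%%wheel !targetpw\n%%wheel ALL=(ALL:ALL) ALL\n' > "$tmp/sudoers.wheel"
check_root_lock "$tmp/sudoers.default" "$tmp/shadow" wheel
check_root_lock "$tmp/sudoers.wheel" "$tmp/shadow" wheel
```

The parser only reads the one file it is given; on a real system the effective policy is what `sudo -l` reports for the user after all included files are processed.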