Tiger, Root User, SuperUser, FileVault, and Master Password

Discussion in 'Apple' started by Guest, Aug 23, 2005.

  1. Guest

    Guest Guest

    Hi,

    Can someone explain to me how Tiger works with respect to login
    security and traditional Unix logins? I have a single administrator
    user with FileVault turned on. I have also set a master password under
    Security. In terminal, passwd su gives >password for "user" response.

    In checking Apple support for "root user", I get an article which
    states that to enable the root user, use NetInfo under utilities. But
    the Security > Enable Root User option is inactive when I do so.

    Is my single administrator login the actual root user? Then why
    doesn't su - > password for admin login fail due to a rejected
    password? I just want to know if there exists a root user so that I
    can lock it down with a password if necessary.

    Help is appreciated...

    Thanks!
     
    Guest, Aug 23, 2005
    #1

  2. Guest

    Guest Guest

    Got it. I didn't figure "authenticate" was related. Thanks.
     
    Guest, Aug 24, 2005
    #2

  3. Giving a password to root does not "lock it down". To the contrary, by
    default, a Mac OS X system has no root password, meaning _nobody_ can
    log in as root. If you give it a password, then it _is_ possible to log
    in as root. Using administrator authentication or sudo, it is virtually
    never necessary to use root.
     
    Jeffrey Jones, Aug 24, 2005
    #3
  4. Guest

    clvrmnky Guest

    Of course, you will have to remove those non-priv users from the sudoers
    list in some manner, otherwise you haven't changed a thing. Well,
    you've added a super-user account that anyone who gets/steals/guesses
    the password can use, carte blanche, without any auditing.

    For me, it is perfectly reasonable that "mere" Admin users also be given
    the ability to sudo to root when necessary. If you tightly control who
    is an Admin and you do not have a proper root login, then you tightly
    control who can act as root.

    The comment above is absolutely correct: simply giving root a password
    does not add security. In fact, it reduces security. Think of it as a
    master key. Instead of having a single key that opens all doors, why
    not have a few keys distributed to people that open some doors.
    Furthermore, some doors are audited so we know when someone used their
    key to access them.
     
    clvrmnky, Aug 25, 2005
    #4
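
The auditing point in post #4, as an added example that is not part of any post in this thread: sudo records each command under the invoking user's name, so root activity can be attributed per person, which is the property the post contrasts with a shared root password. The log lines, host name and user names are constructed, and the parser assumes sudo's standard syslog line layout.

```python
import re
from collections import defaultdict

# Constructed sample lines in sudo's syslog format (not taken from the thread).
SAMPLE_LOG = """\
Aug 25 09:14:02 tigerbox sudo:    alice : TTY=ttyp1 ; PWD=/Users/alice ; USER=root ; COMMAND=/usr/sbin/softwareupdate -l
Aug 25 09:20:47 tigerbox sudo:      bob : user NOT in sudoers ; TTY=ttyp2 ; PWD=/Users/bob ; USER=root ; COMMAND=/bin/sh
Aug 25 09:31:10 tigerbox sudo:    alice : TTY=ttyp1 ; PWD=/private/etc ; USER=root ; COMMAND=/usr/bin/vi hosts
Aug 25 09:40:00 tigerbox sudo:    carol : 3 incorrect password attempts ; TTY=ttyp3 ; PWD=/Users/carol ; USER=root ; COMMAND=/bin/ls
"""

# invoking user, optional failure reason, then the TTY/PWD/USER/COMMAND fields
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<error>[^;=]+?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.*?) ; USER=(?P<target>\S+) ; "
    r"COMMAND=(?P<command>.*)$"
)


def audit_sudo(log_text):
    """Return (allowed, denied) for sudo invocations that targeted root.

    allowed maps each invoking user to the commands they ran as root;
    denied lists (user, reason, command) for attempts sudo rejected.
    """
    allowed = defaultdict(list)
    denied = []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if not m or m["target"] != "root":
            continue  # not a sudo record, or not a request to act as root
        if m["error"]:
            denied.append((m["user"], m["error"].strip(), m["command"]))
        else:
            allowed[m["user"]].append(m["command"])
    return dict(allowed), denied


if __name__ == "__main__":
    allowed, denied = audit_sudo(SAMPLE_LOG)
    for user, commands in allowed.items():
        print(f"{user} ran as root: {commands}")
    for user, reason, command in denied:
        print(f"REJECTED {user} ({reason}): {command}")
```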
  5. Guest

    Simon Slavin Guest

    But don't. The root user is disabled when you install Mac OS X and you
    should leave it like that. Enabling the root user is a security risk.
    No. It's just a mundane user who is a member of the 'admin' group.
    Because 'su' doesn't respond to just the root user.

    By the way, for Mac OS, the 'sudo' command is considered more appropriate
    than 'su'. 'su' will still work but presents security risks and can lead
    to accidentally using a command as root when you didn't intend to.
    I already answered this but it's nice to see you're asking the right
    questions.

    Simon.
     
    Simon Slavin, Aug 25, 2005
    #5
  6. Guest

    clvrmnky Guest

    It's not nonsense. Re-read my comments. I'm refuting that enabling the
    root account adds security for most people. This /is/ nonsense. I
    disagree with the idea that the Administrative users on OS X are "mere"
    users. For most people who will have, at most, a handful of accounts it
    makes total sense to leave the damn knobs alone and stay with the
    defaults. If you are the only Admin on your box, how does adding a root
    login and taking away those sudoer privs change anything? It is still
    only a password. Exchanging one password for another does nothing for
    security.

    Better to have a good password that you use every day as the passkey to
    those rooms you need access to. Change this password regularly as part
    of a sensible routine and you are being as secure as simple
    authentication can let you be.

    It is an established fact that the less time one stays logged in as root
    means fewer catastrophic user errors.
    Of course. Mine is often renamed to "help" because that is how I
    learned to do it.

    But we are talking about OS X here, and default settings for most home
    users. Having an "Admin" be able to sudo in is Good Enough. Having the
    primary user of that box be the only Admin is reasonably good practice.
    sudo is your friend. Use it.

    I don't even know what you are arguing about anymore. If you are
    talking about a true multi-user environment then you restrict sudoers a
    lot and keep root absolutely secret except for the Chosen Few. Fine.
    However, in the context of this thread (namely, activating the root
    account on a single OS X box that will have a handful of users, few of
    them ever logged in at the same time) then simply activating root,
    *especially* without restricting sudoers, is just adding yet another
    hole to the system.

    Adding another password does not add security. Putting secure checks
    and balances around who has these passwords does.
     
    clvrmnky, Aug 26, 2005
    #6
  7. Guest

    Guest Guest

    Thanks for the comments guys. In a somewhat-related question, if the
    root user is not enabled, then the OS X install disc cannot be used to
    reset the root password and log in to the system with full access
    privileges, FileVault or not. Correct?

    If correct, then that would be a very good reason to leave the root
    login disabled.
     
    Guest, Aug 30, 2005
    #7
  8. Guest

    Dave Seaman Guest

    No, not quite. You can always use the install disk to reset the password
    for any user account, but this will not get you around FileVault.
    The mere fact that assigning a root password opens up a security hole is
    reason enough.
     
    Dave Seaman, Aug 30, 2005
    #8
  9. Guest

    Dave Seaman Guest

    I am not comparing apples and oranges. I am merely stating that the act
    of assigning a root password makes a Mac OS X system less secure than it
    was without a root password.
    You are quite confused if you think I am going to reopen this discussion
    with you.
     
    Dave Seaman, Aug 31, 2005
    #9
  10. Guest

    Simon Slavin Guest

    Mu. The installation disk isn't used to reset the root password.
    You can use it to reset any password. No part of Apple's software
    for OS X Client depends on the root password. Enabling or
    disabling the root account makes no difference to this procedure.

    There is a way to disable the use of the installation disk: set an
    Open Firmware password. Doing so prevents the user from starting
    up the computer from anything except the already-nominated boot
    drive. Since the Open Firmware password isn't stored on a hard
    disk it can't be cracked by reading the hard disk. However, if
    your cracker can take a screwdriver to the box it's possible to
    defeat the Open Firmware password too.

    Among security professionals it's recognised that physical
    possession of the box is an end to all security measures that can
    be taken by the operating system. Once your cracker has the box
    in his hands he can clone the hard drive, take it back to his
    junkfood-carton- and porn-strewn crackhouse (or, equally likely,
    to FBI headquarters) and spend however long he wants cracking any
    passwords or encryption systems you're using.
    There are many other reasons why having a root account enabled is
    a bad idea. Mostly, that if someone manages to remotely compromise
    your box they can't immediately attack the root account to get
    admin privileges on your box.

    Simon.
     
    Simon Slavin, Sep 2, 2005
    #10
