what is root actually means?
bootgr at gmail.com
Wed Jun 27 19:11:19 UTC 2007
On 6/27/07, Tero Ratilainen <tero.ratilainen at kapsi.fi> wrote:
> On Wednesday 27 June 2007 21:34:25 Edmund Laugasson wrote:
> > > Kubuntu disables the root user by default.
> > It seems like root still exist but password is randomly generated during
> > the installation process. Just we don't know, what the root's password
> > might be.
> > But if I use sudo passwd root command, I can easily assign password to user
> > root. If there's root disabled, then there should be not possible to assing
> > password to it. So, it seems like root is not disabled and I think, that it
> > cannot be disabled. How do you disable root? Perhaps comment out
> > appropriate rows in /etc/passwd and /etc/shadow?
> > > That's why we use sudo to
> > > execute programs that need administrative access, and sudo -i to
> > > actually switch to the root user.
> > I use: su -
> > But certainly, there's no big difference.
> > > There literally is NO password for
> > > root, so while the user exists, the account can NOT be hacked.
> > Is it really possible, that there's NO password for root? If it is so, then
> > there should be possible to log in by just typing root for user name and I
> > am already in! But its known, that it's not possible. Therefore I think,
> > that there should be some automatically generated password for root,
> > because automatical logon is not possible. But it asks password for user
> > root, if that username is entered. It means, that root is active but we
> > just don't know the password.
> By default, the root password is something that cannot be used as a password.
> So there is no way to enter the password. So basically, it is disabled, as
> there is no way to log in, even with brute force.
> Tero Ratilainen
I've been told to re-lock the root account you do sudo passwd -l root
here's what man has to say about passwd -l ( lower case L )
Lock the named account. This option disables an account by changing
the password to a value which matches no possible encrypted value.
so the account is actually locked, no way to log into it, BUT you can
still become root using sudo -i and here's what man says about using
-i The -i (simulate initial login) option runs the shell specified in
the passwd(5) entry of the user that the command is being run as.
The command name argument given to the shell begins with a - to
tell the shell to run as a login shell. sudo attempts to change to
that users home directory before running the shell. It
the environment, leaving TERM unchanged, setting HOME,
SHELL, USER, LOGNAME, and PATH, and unsetting all other environment
variables. Note that because the shell to use is determined before
the sudoers file is parsed, a runas_default setting in sudoers will
specify the user to run the shell as but will not affect which
shell is actually run.
More information about the kubuntu-users