what is root actually means?

Greg Booth bootgr at gmail.com
Wed Jun 27 19:11:19 UTC 2007 

On 6/27/07, Tero Ratilainen <tero.ratilainen at kapsi.fi> wrote:
> On Wednesday 27 June 2007 21:34:25 Edmund Laugasson wrote:
> > > Kubuntu disables the root user by default.
> >
> > It seems like root still exist but password is randomly generated during
> > the installation process. Just we don't know, what the root's password
> > might be.
> >
> > But if I use sudo passwd root command, I can easily assign password to user
> > root. If there's root disabled, then there should be not possible to assing
> > password to it. So, it seems like root is not disabled and I think, that it
> > cannot be disabled. How do you disable root? Perhaps comment out
> > appropriate rows in /etc/passwd and /etc/shadow?
> >
> > > That's why we use sudo to
> > > execute programs that need administrative access, and sudo -i to
> > > actually switch to the root user.
> >
> > I use: su -
> > But certainly, there's no big difference.
> >
> > > There literally is NO password for
> > > root, so while the user exists, the account can NOT be hacked.
> >
> > Is it really possible, that there's NO password for root? If it is so, then
> > there should be possible to log in by just typing root for user name and I
> > am already in! But its known, that it's not possible. Therefore I think,
> > that there should be some automatically generated password for root,
> > because automatical logon is not possible. But it asks password for user
> > root, if that username is entered. It means, that root is active but we
> > just don't know the password.
>
> By default, the root password is something that cannot be used as a password.
> So there is no way to enter the password. So basically, it is disabled, as
> there is no way to log in, even with brute force.
>
> --
> Terveisin/Regards,
> Tero Ratilainen
>

I've been told to re-lock the root account you do sudo passwd -l root

here's what man has to say about passwd -l ( lower case L )

man passwd
       -l, --lock
          Lock the named account. This option disables an account by changing
          the password to a value which matches no possible encrypted value.

so the account is actually locked, no way to log into it, BUT you can
still become root using sudo -i and here's what man says about using
sudo -i

       -i  The -i (simulate initial login) option runs the shell specified in
           the passwd(5) entry of the user that the command is being run as.
           The command name argument given to the shell begins with a - to
           tell the shell to run as a login shell.  sudo attempts to change to
           that users home directory before running the shell.  It
also initializes
           the environment, leaving TERM unchanged, setting HOME,
           SHELL, USER, LOGNAME, and PATH, and unsetting all other environment
           variables.  Note that because the shell to use is determined before
           the sudoers file is parsed, a runas_default setting in sudoers will
           specify the user to run the shell as but will not affect which
           shell is actually run.

Greg

More information about the kubuntu-users mailing list