Assigning ROOT a password

Derek Broughton news at pointerstop.ca
Mon Apr 28 14:14:28 UTC 2008


Larry Hartman wrote:

>> The reason for not having a root password is to prevent the
>> software that is used to crack passwords from being able
>> to get to your system.
>>
> 
> huh?  I am dizzified by this statement.

If you know a username on the system, you're halfway to cracking an account. 
Having a user named "root" is just silly.

> Seems counterintuitive to all that I have been taught about user account
> security.  I can hear the MS sys admins hollering now, use a 16-digit,
> random, 4 special characters, 4 lower-case, 4 upper-case, and 4 numbers
> password!
> 
> If the above is the case, it leads to the next question, why assign any
> passwords for other usernames?

Sorry Larry, I just can't parse a meaningful question out of that. 
Who "assigns" passwords?  What does MS have to do with the question of
what's a safe password (I was hearing these sorts of suggestions before any
of us had a Windows computer)?  And what does the complexity of the
password have to do with whether it's root's password or a user's?

> I'd like to know the logic behind the 
> above quoted statement better....and what distinguishes security for root,
> vice security for a username that uses its own password for SUDO access,
> that can lead to root access?

A shared secret is not a secret.  If more than one person knows root's
password, assume it's not a secret.  Using sudo, you know _who_ got root
access.  It's not so much having locks on the house, as having a security
camera to see who comes in.

I administer a CentOS system that has a root account.  I don't know the root
password; since I've never had physical access to the system, I probably
couldn't ssh in as root anyway; and I've never had any trouble
administering it via sudo.
-- 
derek
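
The accountability point in the message above (sudo records who obtained root, a shared root password does not) can be seen in the logs. This is an added example, not part of the original post: it assumes the syslog line format sudo and sshd write on Debian/Ubuntu-style systems, and the host name, user names, and address in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines (host, users and address are made up).
SAMPLE_LOG = """\
Apr 28 14:02:11 box sudo:    derek : TTY=pts/0 ; PWD=/home/derek ; USER=root ; COMMAND=/usr/bin/apt-get update
Apr 28 14:03:40 box sudo:    larry : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/larry ; USER=root ; COMMAND=/bin/su
Apr 28 14:05:02 box sudo:    alice : TTY=pts/2 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/vi /etc/fstab
Apr 28 14:06:19 box sudo:    guest : user NOT in sudoers ; TTY=pts/3 ; PWD=/tmp ; USER=root ; COMMAND=/bin/ls
Apr 28 14:09:55 box sshd[4312]: Accepted password for root from 192.0.2.10 port 50122 ssh2
"""

# sudo entry: "<user> : [<error> ; ]TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.."
SUDO_RE = re.compile(
    r"sudo:\s+(?P<who>\S+) : (?:(?P<error>[^;=]+?) ; )?TTY=(?P<tty>\S+) ; "
    r"PWD=(?P<pwd>.*?) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)
ROOT_LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for root from (?P<src>\S+)")


def audit(log_text):
    """Return (commands run as root per user, denied attempts, direct root logins)."""
    granted = defaultdict(list)
    denied = []
    anonymous = []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if m:
            if m["error"]:
                # Failed authentication or a user who is not in sudoers.
                denied.append((m["who"], m["error"], m["cmd"]))
            elif m["target"] == "root":
                granted[m["who"]].append(m["cmd"])
            continue
        m = ROOT_LOGIN_RE.search(line)
        if m:
            # A direct root login records where it came from, not which person.
            anonymous.append(m["src"])
    return dict(granted), denied, anonymous


if __name__ == "__main__":
    granted, denied, anonymous = audit(SAMPLE_LOG)
    for who, cmds in granted.items():
        print(f"{who} ran as root: {cmds}")
    for who, why, cmd in denied:
        print(f"DENIED {who} ({why}): {cmd}")
    for src in anonymous:
        print(f"root login from {src}: person unknown")
```

Every sudo line names the invoking account, while the direct root login can only be tied to a source address.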




