Assigning ROOT a password

Michael Leone turgon at mike-leone.com
Mon Apr 28 14:38:03 UTC 2008


On Mon, Apr 28, 2008 at 10:14 AM, Derek Broughton <news at pointerstop.ca> wrote:
> Larry Hartman wrote:
>
>  >> The reason for not having a root password is to prevent the
>  >> software that is used to crack passwords from being able
>  >> to get to your system.
>  >>
>  >
>  > huh?  I am dizzified by this statement.
>
>  If you know a username on the system, you're halfway to cracking an account.
>  Having a user named "root" is just silly.

Yet that's the way Unix and Linux are designed ...

>
>
>  > Seems counterintuitive to all that I have been taught about user account
>  > security.  I can hear the MS sys admins hollering now, use a 16-digit,
>  > random, 4 special characters, 4 lower-case, 4 upper-case, and 4 numbers
>  > password!
>  >
>  > If the above is the case, it leads to the next question, why assign any
>  > passwords for other usernames?
>
>  Sorry Larry, I just can't parse a meaningful question out of that.
>  Who "assigns" passwords?

We do. :-) New users are assigned passwords, and then have to change
them. Some places don't force passwords to change (for whatever
reason).

>  A shared secret is not a secret.  If more than one person knows root's
>  password, assume it's not a secret.

In many companies, certainly, more than one person knows the password.
What if the only person who knows the password dies? In some larger
companies, the password is recorded on paper in a safe, and only
accessed by special written request. And then changed, I'm told.

>  I administer a CentOS system that has a root account.  I don't know the root
>  password; since I've never had physical access to the system, I probably
>  couldn't ssh in as root anyway; and I've never had any trouble
>  administering it via sudo.

Others do things differently. BTW, were you an employee of the company
who owned the CentOS system? Some places I know won't give the
password to consultants (preferring to use sudo, as you do - hey, that
rhymes! :-)), but will give it to the head administrator who is an
employee.

-- 
Michael J. Leone
<mailto:turgon at mike-leone.com>

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>



