Assigning ROOT a password
news at pointerstop.ca
Tue Apr 29 01:35:09 UTC 2008
Larry Hartman wrote:
> On Monday 28 April 2008 07:14:28 am Derek Broughton wrote:
>> Larry Hartman wrote:
>> >> The reason for not having a root password is to prevent the
>> >> software that is used to crack passwords from being able
>> >> to get to your system.
>> > huh? I am dizzified by this statement.
>> If you know a username on the system, you're halfway to cracking an
>> account. Having a user named "root" is just silly.
> Ok, I think this brings me full circle back to another post I made on same
> thread....are you really saying that the root account is disabled, vice
"versus", please. I try not to criticize language, but three times is
> saying that the root account is enabled but without a password?
I'm not really sure there's a difference. There _is_ a root account, you
can not login to it, it has no password, and it's marked as disabled.
>> > Seems counterintuitive to all that I have been taught about user
>> > account
>> > security. I can hear the MS sys admins hollering now, use a 16-digit,
>> > random, 4 special characters, 4 lower-case, 4 upper-case, and 4 numbers
>> > password!
>> > If the above is the case, it leads to the next question, why assign any
>> > passwords for other usernames?
>> Sorry Larry, I just can't parse a meaningful question out of that.
>> Who "assigns" passwords? What does MS have to do with the question of
>> what's a safe password (I was hearing these sorts of suggestions before
>> of us had a Windows computer)? And what does the complexity of the
>> password have to do with whether it's root's password or a user's?
> This question is linked to the one I just asked above. If root account
> exists but has no password, then my thinking suggests that it would not
> matter if a user with sudo privileges has a password or not, despite how
> complex it is.
I'm afraid I still don't see your point. A user with full sudo access (by
default only the first account Ubuntu creates) can get to a root shell
("sudo -i"), so the complexity of _that_ user's password certainly matters,
but root's password (or lack of it) is irrelevant to sudo.
> This makes sense in light of my second comment on this same email.
> Prohibit any root account access, force all access through individual
> users, now you have an audit trail.
That's the idea.
> This works until one considers accessing the system in failsafe mode,
> appears to have root access w/o password. So in failsafe mode root
> is enabled? Could someone remotely reboot system and go into failsafe
> from that remote location?
I can't say I've tried it, but I'd hate to think so. "failsafe" to me
suggests no network connectivity. You can also always get to root from
the "single user" logon - but it means you must have physical access to the
More information about the kubuntu-users
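
The distinction the thread circles around (a root account with no password required versus one whose password is locked) shows up in the second field of /etc/shadow. The following is an added example, not part of the original post, that classifies that field as described in shadow(5); the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field of shadow(5)-format lines.
# On a real system, run as root:  classify_shadow < /etc/shadow

classify_shadow() {
    awk -F: '
        NF < 2          { next }                             # malformed line
        $2 == ""        { print $1, "EMPTY"; next }          # no password required
        $2 ~ /^!+[^!]/  { print $1, "LOCKED_HASH_KEPT"; next } # passwd -l on a set password
        $2 ~ /^[!*]/    { print $1, "LOCKED"; next }         # no input can ever match
        $2 ~ /^\$/      { print $1, "HASHED"; next }         # crypt(3) hash, password set
                        { print $1, "OTHER" }                # legacy or unknown format
    '
}

# Constructed sample entries (salts and hashes are placeholders, not real).
sample_shadow() {
    cat <<'EOF'
root:!:13998:0:99999:7:::
daemon:*:13998:0:99999:7:::
larry:$6$constructedsalt$constructedhash:13998:0:99999:7:::
guest::13998:0:99999:7:::
olduser:!$6$constructedsalt$constructedhash:13998:0:99999:7:::
EOF
}

# Print the state of one account from shadow-format input on stdin.
state_of() {
    classify_shadow | awk -v u="$1" '$1 == u { print $2 }'
}

# Accounts an auditor should look at first: anything that needs no password.
empty_password_accounts() {
    classify_shadow | awk '$2 == "EMPTY" { print $1 }'
}

sample_shadow | classify_shadow
```

LOCKED only means that no typed password can match; it says nothing about sudo, SSH keys or a single-user boot, which is why the sudo user's own password still matters.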