Assigning ROOT a password
larryhartman50 at vzavenue.net
Tue Apr 29 23:55:27 UTC 2008
On Monday 28 April 2008 06:35:09 pm Derek Broughton wrote:
> Larry Hartman wrote:
> > On Monday 28 April 2008 07:14:28 am Derek Broughton wrote:
> >> Larry Hartman wrote:
> >> >> The reason for not having a root password is to prevent the
> >> >> software that is used to crack passwords from being able
> >> >> to get to your system.
> >> >
> >> > huh? I am dizzified by this statement.
> >> If you know a username on the system, you're halfway to cracking an
> >> account. Having a user named "root" is just silly.
> > Ok, I think this brings me full circle back to another post I made on
> > same thread....are you really saying that the root account is disabled,
> > vice
> "versus", please. I try not to criticize language, but three times is
> enough :-)
supercalifragialisticexpialadocious! (I probably spelled it wrong)
I thought versus when I wrote, but I was getting a wee bit tired and for the
life of me couldn't remember how to spell it.....so I went with my good ol'
standby versus "versus".
> > saying that the root account is enabled but without a password?
> I'm not really sure there's a difference. There _is_ a root account, you
> can not login to it, it has no password, and it's marked as disabled.
I did some investigation and saw this. So the account is disabled....hence
doesn't matter about password or not.
> >> > Seems counterintuitive to all that I have been taught about user account
> >> > security. I can hear the MS sys admins hollering now, use a 16-digit,
> >> > random, 4 special characters, 4 lower-case, 4 upper-case, and 4
> >> > numbers password!
> >> >
> >> > If the above is the case, it leads to the next question, why assign
> >> > any passwords for other usernames?
> >> Sorry Larry, I just can't parse a meaningful question out of that.
> >> Who "assigns" passwords? What does MS have to do with the question of
> >> what's a safe password (I was hearing these sorts of suggestions before any
> >> of us had a Windows computer)? And what does the complexity of the
> >> password have to do with whether it's root's password or a user's?
> > This question is linked to the one I just asked above. If root account
> > exists but has no password, then my thinking suggests that it would not
> > matter if a user with sudo privileges has a password or not, despite how
> > complex it is.
> I'm afraid I still don't see your point. A user with full sudo access (by
> default only the first account Ubuntu creates) can get to a root shell
> ("sudo -i"), so the complexity of _that_ user's password certainly matters,
> but root's password (or lack of it) is irrelevant to sudo.
My point only had meaning under the assumption of an enabled root account.
Why lock the back door if the front door has a gaping hole? But this point
died when I realized and was simultaneously told that the root account is
> > This makes sense in light of my second comment on this same email.
> > Prohibit any root account access, force all access through individual
> > users, now you have an audit trail.
> That's the idea.
> > This works until one considers accessing the system in failsafe mode, which
> > appears to have root access w/o password. So in failsafe mode root account
> > is enabled? Could someone remotely reboot system and go into failsafe
> > from that remote location?
> I can't say I've tried it, but I'd hate to think so. "failsafe" to me
> suggests no network connectivity. You can also always get to root from
> the "single user" logon - but it means you must have physical access to the
A little more awake now, yeah that makes sense, even if a person could
remotely restart your machine, the kernel has not booted enough to start the
networking devices in order for a remote selection of failsafe to take place.
Now that I have been running Kubuntu for almost two years, I find it a good
thing to start thinking through the mechanics of system security.
I appreciate your help.
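
The difference discussed in this thread, between an account that is disabled and one that simply has no password, is visible in the second field of each shadow(5) entry. The following is an added example, not part of the original messages; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Classify the password field of shadow(5)-format lines read from stdin.
#   empty field          -> EMPTY  (no password needed to authenticate)
#   field starts ! or *  -> LOCKED (no password can ever match)
#   anything else        -> HASH   (a password hash is set)
shadow_state() {
    awk -F: '
        NF == 0 || /^#/ { next }          # skip blank lines and comments
        {
            pw = $2
            if (pw == "")            state = "EMPTY"
            else if (pw ~ /^[!*]/)   state = "LOCKED"
            else                     state = "HASH"
            print $1, state
        }'
}

# Constructed sample entries (not taken from any real system).
sample_shadow() {
cat <<'EOF'
root:!:13998:0:99999:7:::
daemon:*:13998:0:99999:7:::
larry:$1$CONSTRUCTED$NotARealHashValue000000:13998:0:99999:7:::
guest::13998:0:99999:7:::
EOF
}

# Demo on the sample; on a live system use:
#   sudo cat /etc/shadow | shadow_state
sample_shadow | shadow_state
```

A LOCKED root entry matches what the thread describes: the account exists, but no password will authenticate it. Any EMPTY entry is the case worth alerting on.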