set up a root password
Nigel Henry
cave.dnb2m97pp at aliceadsl.fr
Tue Aug 5 21:17:11 UTC 2008
On Tuesday 05 August 2008 21:30, Derek Broughton wrote:
> Nigel Henry wrote:
> > and find myself entering my usual root password,
>
> tsk, tsk... :-)
Yes, I know, I know. Probably my situation is a bit different to most users in
that I have more than 20 distros installed on my 3 machines. Not having a
photographic memory, and not wanting to set up different root passwords for
all of them, and having to consult a notebook for the password every time I
boot up a distro, and want to get root access, I find myself with one root
password. Yes I should change it from time to time just in case.
Being on dialup, with dynamic IP addresses, and not running any Internet
accessible servers, I'm sort of kidding myself that all is ok, but perhaps
could be more security conscious.
>
> > Personally I believe that having a separate root password (which I would
> > expect to be more complex, than a plain old user one) is a good idea,
>
> Not if you're using a "...usual root password".
In my case yes, as I use the same root password for all distros. Not a good
idea to be sure,
>
> > as
> > on most of my distros, and does give an extra step that a potential
> > hacker has to go through to get into your machine, but I suppose if they
> > are determined to get in, they will find a way.
>
> It doesn't give an extra step. They already _know_ the user name, they
> only have to guess your password. Why would it be more complex than a
> "plain old user one"? Passwords are as complex as the user makes them, and
> if the user is the sole administrator, the user password is likely to be
> exactly as complex as the root password.
I'm comparing many other distros here that have a separate root password. The
hacker may know your user name, and perhaps the password is a simple one.
With Ubuntu/Kubuntu the hacker can now try sudo with the user password that
he has discovered, and is into the inner works of the machine.
With other distros, the potential hacker may well find your user password, but
then has to find the root password to gain access to the machine, unless he
just wants to mess with your user space. I would always suggest creating a
non-dictionary-based password to gain access to root, but can't see your
usual Ubuntu/Kubuntu user creating some complex non-dictionary-based password
to login to Gnome/Kde, thus making it more difficult for a potential hacker
to gain access.
This is not any criticism of Ubuntu/Kubuntu. I'm happy to work with it as is,
and as regards my root passwords for my other distros, I must get around to
changing them from time to time.
These are serious, but at the same time lighthearted comments. No flame
intended, just observations.
Nigel.
> --
> derek