Password question.

[Eberhard Roloff]

Steven Vollom wrote:
> Eberhard Roloff wrote:
>> Steven Vollom wrote:
>>   
>>> Eberhard Roloff wrote:
>>>     
>>>> Steven Vollom wrote:
>>>>   
>>>>       
>>>>> I would like to set a password that allows me to enter my system that is 
>>>>> very secure, however, when I am in the system, I would like to have a 
>>>>> very simple password to enter root, perhaps as small as a couple of 
>>>>> letters.  Is this possible?
>>>>>
>>>>> Steven
>>>>>
>>>>>
>>>>>     
>>>>>         
>>>> With Linux, genarally anything is possible.;-)
>>>>
>>>> While this is possible, I would not advise to implent it. The Ubuntu 
>>>> concept of the first  user i.e. the admin user is that you use a rather 
>>>> secure password to login and then use the same to "su" to root, as needed.
>>>>
>>>> You can alter this and there are howtos to separate root to use its own 
>>>> password.
>>>>
>>>> It's actually quite simple but I would not advise you to do it since you 
>>>> are already familiar with the "Ubuntu way" of doing things. This is 
>>>> because, when you do it, your system will behave differently afterwards 
>>>> and you will need to treat it differently.
>>>>
>>>> Kind regards
>>>> Eberhard
>>>>
>>>>
>>>>   
>>>>       
>>> Sorry I wasn't paying adequate attention to what you just wrote.  I was 
>>> already thinking of possible reasons for avoiding this.  How does it 
>>> change my system?  What change in behavior would be anticipated?  In my 
>>> situation, is it more insecure?  TIA, friend.
>>>
>>> Steven
>>>
>>>     
>> Hi Steven,
>>
>> Well, I cannot answer this. There are numerous discussions around 
>> whether the Ubuntu way is more secure or not than "the other way round", 
>> which is, just for example, the SuSe or Red Hat way.
>>
>> Although I surely have my own opinion about this, I will not divulge it, 
>> there are to many flames around. ;-)
>>
>> What are the differences?
>>
>> Now you are just doing sudo fsck /dev/sda1
>> alternatively when you need to be root for any length of time, you will do:
>> sudo -i
>> Password
>>
>> With a separate root account, it is similar but not at all identical.
>> For example, sudo "something" will no longer work (except if you go and 
>> configure it) and you will most likely use "su -" to become root and 
>> then "exit" or "Ctrl+D" to exit root.
>>
>> Furthermore, I think you REALLY might prefer to use a strong root 
>> password and a weaker user password, since it is root where a 
>> compromised security will have potentially disastrous consequences.
>>
>> Again, if you are familiar with the Ubnutu way, I would strongly 
>> recommend to leave it at that.
>>
>> If you insist to have a separate password for root, you might google this:
>> http://www.ubuntux.org/how-to-change-the-root-password-in-ubuntu
>>
>> Kind regards
>> Eberhard
>>   
> Dear Eberhard,
> 
> I know you understand my limitations; I am old, inexperienced, and do 
> not know all the ramifications of what I ask.  Nonetheless, until 
> someone can convince me that I can lose more than the OS and some data, 
> I am willing to chance that, in favor of the great benefit it will serve 
> me.  I don't think my advisers here in the forum believe I will ever use 
> the safer Shell.  I think they believe I will just stay in Root.  I also 
> believe that they probably have their computers set up to work much the 
> same as I want mine, for ease of operation, unless they are subject to 
> security issues which I am not.
> 
> Now I want to be sure I understand.  I can retain a logged in and 
> password protected  sudo shell, and still have a more safe [not password 
> protected] Shell to work from.  _I do not want to be in Root all the 
> time_.  _I just want to be able to enter that security without have to 
> type it in more than once per session_.  I don't feel that I am mistake 
> proof, if I stay in Root all the time.  I believe _I am 100% safe with 
> an already logged in Root Shell, if I can work from a secured shell, and 
> when all I need to do is click on the Session menu item in the shell 
> program and open Root Shell and already be logged in._  The contrast of 
> their appearance will always be a reminder that I am on dangerous 
> ground, and I will be careful.  I have to do that and be careful when I 
> get sudo privileges anyway, don't I?
> 
> _I DO NOT want to change to a root password, if I cannot have a safer 
> shell to work from_.  It is important.  I am always a little stressed 
> when I enter a root command.  I am certain before I press the enter 
> key.  Please respond one more time to confirm that I can do what I want 
> to do and still have a safer Shell to work from.  With gratitude.  And 
> lastly, I promise that if my decision is foolish, and I screw up, I will 
> post the truth and eat the necessary crow, so that the forum can prosper 
> from loss.  I actually believe that it is only appropriate as a solution 
> for people with a similar problem, or for those who have an equally 
> important reason for doing it.
> 
> The feature I am struggling to get back is one I regretted losing, when 
> I upgraded from Feisty to Gutsy.  That feature helped me a lot.  And I 
> used it the way I described.  _Please answer, I won't go to that website 
> if you don't.
> _
> Steven
>>
>>   
> 
> 
ok. Back to square one. What I understand:
You want to have a root shell always open to accept root commands.

This is somewhat different from what I originally understood, i.e. you 
want a root user with a different password.

Now:
Given that there are a multitude of possibilities, only two come to my mind:

1.
You can have a root shell, opened once and open all the time until you 
log out without any change to the system.

Simply open a shell of your choice at startup and then issue the command
"sudo -i" without the quotes

After giving your password this shell will be open until you close it.


2.

If you want to have a seperate user password for root AND have a 
permanently open root shell, then go to the webpage I googled for you, 
follow the very easy instructions there, and finally change root's 
password to something that you like.

Then after your system starts up, you open a shell or a KDE rootshell, 
enter your password (in the KDE rootshell) or issue the command:
"su -" (in the regular user shell). After giving your newly created root 
password, this shell will remain open as long as you do not close it.

Hopefully I now covered what you are needing.

If not, I am sorry

Kind regards
Eberhard