Help to get started

Reinhold Rumberger rrumberger at web.de
Fri Nov 12 13:30:38 GMT 2010


On Tuesday 02 November 2010, Nils Kassube wrote:
> shawn wilson wrote:
> > However, if ctrl+alt+f1 works and you can login there, do:
> > sudo passwd    # set root password
> 
> Why? Usually there is no real benefit if you set a root password.

There is. I once pulled a little stunt where a friend of mine went to 
the toilet and I quickly rebooted his machine into rescue mode and 
used that to set a root password and create a backdoor account. It 
was all in good fun, and after creating a couple of funny effects, I 
showed him what I did, so in the end there was no harm done.
But the fact remains that, should anybody but you have physical 
access to the machine, you had better set a root password or risk 
having your system compromised *really* quickly and easily.

Obviously, if no one who knows anything about Linux is ever going to 
be around the machine, the point is moot, but if you own a laptop or 
have geek friends over, you had better see to it that your computer 
is properly protected. And a root password is really the least that 
absolutely needs to be set. (Ideally, you also need a boot password 
for your grub and a BIOS password and you hard drive needs to be 
first in the boot order. But exploiting a lack of those will mostly 
take longer than exploiting a missing root password...)

> If you need a root shell, you can use e.g.
> 
> sudo su
> 
> instead.

I prefer "sudo su -" as that will set a proper root environment and 
not leave stuff like $HOME pointing to your home directory, mucking 
up permissions on settings files.

  --Reinhold



More information about the kubuntu-users mailing list