Do we support enabling the root account?

Gilbert Mendoza gmendoza at gmail.com
Sat Mar 7 14:52:43 UTC 2009


I agree with Phil in that education on the matter is most appropriate.

The explanation of the root account is also discussed in section 8.1.1
of the Ubuntu Server Guide.  By having the root account unlocked, it
doesn't make your system less secure; many feel it's just not best
practice.  Especially in a server environment with multiple
administrators, since there would be less accountability when the root
account is used because it could have been any one of the admins that
know the root password.  With sudo, you have effectively tied specific
user accounts to elevated actions, and no one should know that
password except the the user in question.

Locking the root account also does not prevent all local and remote
privilege escalation attacks, and certainly can be enabled with
minimal risk as long as the administrator is preventing remote
services from logging in with that particular account.  e.g. Disable
SSH root access.

There's also an argument out there that using sudo by itself isn't
best practice, since administrators are typically encouraged to use
two accounts; one for day to day usage, and the other for
administrative tasks.  By default, Ubuntu gives the first user only
one account with sudo privileges, so if that password is ever
compromised, you have essentially rooted the box anyway.  A paranoid
security guy would keep the root account locked for
accountability purposes and create two users per administrator; one
non-privileged for typical usage, and another that has sudo
privileges.

The theory behind the two accounts is that you limit the number of
locations from which you access your administrative account.  This may
help limit the exposure of the administrative password by key loggers at
remote sites, etc.  Another would be so that it forces admins to use
that account with a bit more care and prevent mistakes.  All in all,
it's all about how far you want to take it, and hopefully strike an
even balance between usability and security.

I just don't think taking an alarmist approach is the most effective
method.  If anything it may lead to a false sense of security.

Thanks,

--
Gilbert Mendoza
PGP: 0x7403B303
Email: gmendoza at gmail.com
http://www.savvyadmin.com
https://launchpad.net/~gmendoza
https://wiki.ubuntu.com/GilbertMendoza



On Sat, Mar 7, 2009 at 3:17 AM, Phil Bull <philbull at gmail.com> wrote:
> I think that we should document this, but provide a strong, justified
> warning to discourage users from actually enabling the root account.
> I'd rather that users get the information from us, where they will be
> properly informed about the security risk, than from a third-party
> website, where they may not. If they read the warnings and still
> decide to enable root, anything that goes wrong is their own fault and
> there's not much we can do about it.
>
> Thanks,
>
> Phil
>
> --
> Phil Bull
>
> --
> ubuntu-doc mailing list
> ubuntu-doc at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-doc
>
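
A minimal audit of the two settings discussed in the message above (whether root's password is locked, and whether sshd permits root login), added here as an example and not part of the original thread. The shadow and sshd_config contents are constructed samples, and the function names are hypothetical.

```python
# Constructed sample inputs; not taken from a real host.
SAMPLE_SHADOW = (
    "root:!:14310:0:99999:7:::\n"
    "admin1:$6$constructedsalt$constructedhash:14310:0:99999:7:::\n"
)
SAMPLE_SSHD_CONFIG = (
    "# constructed sshd_config fragment\n"
    "Port 22\n"
    "PermitRootLogin no\n"
    "PermitRootLogin yes\n"  # ignored by sshd: the first value wins
)

def root_password_locked(shadow_text):
    """True/False for root's shadow entry; None if there is no root entry."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] == "root":
            # A leading '!' or '*' can never match a hashed password.
            # An empty field means no password at all, which is not locked.
            return fields[1].startswith(("!", "*"))
    return None

def permit_root_login(sshd_text):
    """Global PermitRootLogin value, or None when the keyword is unset."""
    for raw in sshd_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            break  # conditional overrides are not evaluated here
        if keyword == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()  # sshd keeps the first value it reads
    return None

def audit(shadow_text, sshd_text):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if root_password_locked(shadow_text) is not True:
        findings.append("root has a usable password or no shadow entry")
    value = permit_root_login(sshd_text)
    if value != "no":
        findings.append("PermitRootLogin is %s" % (value or "unset"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_SHADOW, SAMPLE_SSHD_CONFIG) or "no findings")
```

When PermitRootLogin is unset, the built-in default depends on the OpenSSH version, so the audit reports it rather than assuming a value.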



