New User.

[Derek Broughton]

Sean Miller wrote:

> I did set my own root password - and this was for a very important
> reason. A few years back when working on hp-ux we had a problem where
> our /etc/sudoers file became corrupted and nobody but root could run
> some commands. I dread to think what would have happened had we had no
> root password - how would we have fixed it?

Boot into alternate distro (I virtually always have one on a partition
somewhere, but there's always Live CDs), mount your other partition,
edit...  If you're trying to protect a machine from hacking by limiting
access to root, there's nothing quite like needing a reboot to get into
root to stop the hackers.
> 
> I work on the basis that you set your root password using "sudo passwd"
> (as you will find instructions in the wiki), note it down somewhere and
> then don't use it unless you have to.  Thus you gain all the protection
> of not logging in directly as root but know that you can if you need to
> from a command line or wherever...

You don't gain _all_ the protection.  One of the benefits of not having a
root account is that hackers need to find a valid account name, not just a
valid password, to get root access.  If every machine has an account named
"root" half their work is already done for them.
> 
> As I said in another thread I think that the Ubuntu sudo has *too* much
> power. There should be some things that you can only do when logged in
> as root... but that's just my view...

I can't imagine such a thing.  If I use "sudo", I _am_ root.  But it's also
logged.  If I log in as root, you have no idea who I am.
-- 
derek