Ubuntu Root Passwork Gotcha?

William Chapman jeddahbill at gmail.com
Thu Jul 28 05:17:45 UTC 2005 

To Rooters & non-Rooters alike:

Being something of a Linux noob, my position on the much-debated issue
of root account management in Ubuntu has been to accept the party-line
and work with the root account disabled.  After a solid couple of
months of intensive Ubuntu hacking & mangling, I've consistently been
able to achieve desired results, and have grown comfortable with the
policy, while actually beginning to understanding why it might be a
sound idea!

But after encountering the situation described below, I think I may
have to reconsider.  Perhaps others would be willing to weigh-in to
correct my possible flawed analysis & likely lack of understanding.
As always, your comments will be much appreciated.

Situation:

An unpleasant experience involving an ssh session (a test case with
both client & server hosts lan'ed in my lab) in which the ssh client
process was manually killed (it became a zombie, but wouldn't die),
and its host rebooted by me.  Immediately upon commanding the reboot I
look at the ssh server host and realized that the session had still
been active.  (I had only imagined exiting the session.)

(I won't go into why I was doing this, except to say it was related to
establishing ssh sessions with WinXP-Linux dual-boot PCs set up so
both OS environments on a given machine share identical host keys.  It
can be done!)

The result of this was a situation along the lines of "...can't read
~/.ICEauthority...".  and being forced into a recovery session from
the gnome login screen (trouble starting gdm, I suppose).  That file's
owner was now root instead of me.  After a quick chown & chmod, I was
able to reboot, restore the correct permissions and all was well.
(Not counting my unsolved ssh problems.)

HOWEVER, during the process, I wanted very much to reboot and select
the second default Ubuntu configuration offered by Grub, which is
labeled, "(recovery mode)".  I tried this, and at the opportune time,
the boot process asked for a root password.  As I suspected, my
password would not suffice, as the root account was, of course,
disabled.  Upon rejecting the offered password,  the boot process
charged into a normal, default session.  (Try it!)

Issue:

(1)  The way I recon, the Grub recovery mode option is inconsistent
with Ubuntu root account policy, and, therefore, cannot serve its
intended purpose.  Because when you really need it, you won't be able
to use it!  It could still have utility, but only in controlled
situations where you add the root account in anticipation of going
down that path.  If my logic is flawed, please correct me.

(2)  If (1) is correct, perhaps the setup of the "recovery mode" could
be changed (for Ubuntu) to allow a superuser id as an alternate to
root.

Comments?

Kindly,

Bill Chapman

More information about the ubuntu-users mailing list