Ubuntu Root Passwork Gotcha?
bike_oz at yahoo.com.au
Thu Jul 28 09:56:12 UTC 2005
I take a fairly simple approach.
I set a root password so if my account ever gets corrupt (including the
sudoers file) I can get into the system. However, I use sudo for all
maintenance and just keep the root account as backup. This works for me.
On Wed, 2005-07-27 at 22:17 -0700, William Chapman wrote:
> To Rooters & non-Rooters alike:
> Being something of a Linux noob, my position on the much-debated issue
> of root account management in Ubuntu has been to accept the party-line
> and work with the root account disabled. After a solid couple of
> months of intensive Ubuntu hacking & mangling, I've consistently been
> able to achieve desired results, and have grown comfortable with the
> policy, while actually beginning to understanding why it might be a
> sound idea!
> But after encountering the situation described below, I think I may
> have to reconsider. Perhaps others would be willing to weigh-in to
> correct my possible flawed analysis & likely lack of understanding.
> As always, your comments will be much appreciated.
> An unpleasant experience involving an ssh session (a test case with
> both client & server hosts lan'ed in my lab) in which the ssh client
> process was manually killed (it became a zombie, but wouldn't die),
> and its host rebooted by me. Immediately upon commanding the reboot I
> look at the ssh server host and realized that the session had still
> been active. (I had only imagined exiting the session.)
> (I won't go into why I was doing this, except to say it was related to
> establishing ssh sessions with WinXP-Linux dual-boot PCs set up so
> both OS environments on a given machine share identical host keys. It
> can be done!)
> The result of this was a situation along the lines of "...can't read
> ~/.ICEauthority...". and being forced into a recovery session from
> the gnome login screen (trouble starting gdm, I suppose). That file's
> owner was now root instead of me. After a quick chown & chmod, I was
> able to reboot, restore the correct permissions and all was well.
> (Not counting my unsolved ssh problems.)
> HOWEVER, during the process, I wanted very much to reboot and select
> the second default Ubuntu configuration offered by Grub, which is
> labeled, "(recovery mode)". I tried this, and at the opportune time,
> the boot process asked for a root password. As I suspected, my
> password would not suffice, as the root account was, of course,
> disabled. Upon rejecting the offered password, the boot process
> charged into a normal, default session. (Try it!)
> (1) The way I recon, the Grub recovery mode option is inconsistent
> with Ubuntu root account policy, and, therefore, cannot serve its
> intended purpose. Because when you really need it, you won't be able
> to use it! It could still have utility, but only in controlled
> situations where you add the root account in anticipation of going
> down that path. If my logic is flawed, please correct me.
> (2) If (1) is correct, perhaps the setup of the "recovery mode" could
> be changed (for Ubuntu) to allow a superuser id as an alternate to
> Bill Chapman
Kind Regards Russell
Linux user #369094
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ubuntu-users