A way to mess up recovery mode logins! Comments please?

Colin Watson cjwatson at ubuntu.com
Mon Jan 16 17:20:37 UTC 2006


On Mon, Jan 16, 2006 at 11:57:02AM -0500, Phillip Susi wrote:
> neil woolford wrote:
> >First of all, follow the instructions on the RootSudo wiki page to
> >temporarily set a root password, then follow the instructions to disable
> >that password.
> 
> You really shouldn't do that.  It is best to leave the system the way it 
> comes: with no root password.  Use sudo if you need root permissions.

There's nothing wrong with wanting to set a root password.

> >sudo passwd root
> >
> >then;
> >
> >sudo passwd -l root
> >
> >Now try rebooting into recovery mode.  You will be asked for a root
> >password, but even if you give it, you won't be able to log in as it has
> >been disabled and the root account is now locked.  (Time to break out
> >the Damn Small Linux disc when it happened to me!)
> >
> >Why does this happen?
> 
> Because you locked the root account silly, so you can't login as root ( 
> which is what recovery mode is all about ).

The root password is locked to start with, and yet recovery mode works
there.

> >As far as I know, it is for the following reason:  the recovery mode
> >boot has been patched in Ubuntu to allow passwordless login as root,
> >provided that the root password in /etc/shadow is set to the special
> >(default) value of the * character alone.  However, setting a password
> >places an encrypted value in this field, and locking it merely prepends
> >a ! character to this value, (allowing the password to be reactivated by
> >removing the !, without knowledge of the original password).
> 
> Nothing special has been patched in ubuntu.

As a matter of fact, we changed this in Ubuntu very early on:

  http://lists.ubuntu.com/archives/warty-changes/2004-August/000360.html

(That patch has since been accepted into Debian too, so it no longer
shows up among our local patches.)

> By default there is no root password, so when you boot into rescue
> mode, you don't have to enter one to login as root.  If you lock the
> root account, then you can't login as root, it's that simple.

"No root password" is the same as "locked root account", except for the
precise details of the locking.

Neil's problem is:

  https://launchpad.net/distros/ubuntu/+source/sysvinit/+bug/18937

... and has been fixed in Dapper:

  http://lists.ubuntu.com/archives/dapper-changes/2006-January/004461.html

> It appears that the wiki has misled you.  I will have to fix that.

Please don't.

Cheers,

-- 
Colin Watson                                       [cjwatson at ubuntu.com]




More information about the ubuntu-users mailing list