[users]Re: Linux Vs Windows in security (II)

Chris racerx at makeworld.com
Wed Aug 29 17:48:40 UTC 2007 

On Wed, 29 Aug 2007 12:53:31 -0400
Rashkae <ubuntu at tigershaunt.com> wrote:

> Chris wrote:
> > On Wed, 29 Aug 2007 13:17:00 +0100
> > "(``-_-´´) -- Fernando" <ubuntu at bugabundo.net> wrote:
> > 
> >> On Wednesday 29 August 2007 13:10:36 Chris wrote:
> >>> On Wed, 29 Aug 2007 12:19:06 +0100
> >>> "(``-_-´´) -- Fernando" <ubuntu at bugabundo.net> wrote:
> >>>
> >>>> On Monday 13 August 2007 22:06:32 Cesar Augusto Suarez wrote:
> >>>>> so, however, if i  have remote access  by ssh to a linux
> >>>>> machine, can i change the root pass if i dont know it? just in
> >>>>> case
> >>>> Yes you can, as long as the user connecting to the sshd as sudo
> >>>> permitions. Just ssh USER at MACHINE
> >>>> and then do sudo passwd root
> >>>>
> >>> Fernando missread your question - The real answer is ...
> >>>
> >>> "if i  have remote access  by ssh to a linux machine,
> >>> can i change the root pass if i dont know it?"
> >>>  
> >>> NO - You can't change the root password if you don't know the root
> >>> password. You CAN however, IF you DO.
> > 
> > Let's look at this again - the Op asked if he can change the root
> > password he he does not know it.
> > 
> > That being said - ha can't run sudo without knowing the root
> > password. Unless of couse, the admin of the remote box setup sudo
> > to be used without a password.
> 
> No, we are not clear at all.. Sudo doesn't need the root password.
> In a default Ubuntu intallation, Sudo needs the *user* password which
> can, and should, be distinct from the root password (if indeed there
> even *is* a root password, as in a default Ubuntu install, Root is
> disabled and there is no password to begin with.)

I will agree with you on your above point. I stand corrected.

I did however base some of my thought process on what the Op stated.
And again, I'll reiterate my points.

1. The op did not state what distro he was ssh'ing into. The op stated
Linux.  Sure - we can argue the point that the Op may or may not have
meant Ubuntu as the remote box. He called it a Linux machine.
I took the position of the remote box NOT being Ubuntu (based on
the ops own words - I feel that if the remote box was Ubuntu, the Op
would have said that - he did not. He stated a Linux machine) and
also based on point number 2.

2. The Op never stated that the ssh'ed user he was using was/is in the
remote sudoers file.  Assuming it is not - it would be impossible for
the Op to change the root password using sudo passwd root.
Assuming the Op is in the remote sudoers file: then yes, the above
arguments by yourself and Fernando would be correct.

3. I am mistaken by claiming that you need the root password to use
sudo. Here again I stand corrected. You need to use your own password.
With Ubuntu, you are in the sudoers file (I assume that also with
Debian) In other Linux distros - you would not be by default. So that
would null the attempt of the password change. 

> If you've never used any Linux besides Ubuntu., I could see why you 
> might get this confused, as Ubuntu asks you only for 1 password,
> which, with the help of Sudo, is used both to log in as a user and
> perform administrative tasks.  In the wider world of Unix, however,
> this is not the same as the root password.

Here again, this was my mistake. 


-- 
Best regards,
Chris
Registerd Linux user number 448639

More information about the ubuntu-users mailing list