Trouble Logging In as Root

James Gray james at gray.net.au
Sun Nov 9 09:39:16 UTC 2008 

On 09/11/2008, at 6:44 PM, Carl Friis-Hansen wrote:
> there is by default no password for root.

<pedantic>
Actually, there *IS* a password for root:

#cat /etc/passwd /etc/shadow | grep root
root:x:0:0:root:/root:/bin/bash
root:*:13755:0:99999:7:::

The second field on the second line is the _hashed_ password from /etc/ 
shadow

HOWEVER, there is *nothing* you can enter that will cause  
crypt(+md5..etc) to hash to a value of "*".  Therefore login using  
root's account directly is not possible.  To say that there is "no  
password for root" implies that passwordless login is possible; which  
of course it isn't. :)
</pedantic>

Carl, I'm not trying to single you out dude, just wanted to use the  
opportunity to provide an object lesson in how passwords are handled  
in Linux (and most Unix versions too).  It's a trivial nit-pick of  
wording, and I agree with the rest of your post.  When I first started  
using Ubuntu (having been a Unix admin since 1994 on Solaris/True64/HP- 
UX/AIX...and Linux) I thought "no root login...WTF?!?!" - but I  
thought I'd give it a chance anyway.  Having got used to the whole  
"sudo way", I can't see why people persist with setting a root  
password on desktop systems etc.  You want a root shell - "sudo -i".   
You want to do something as root - "sudo <something>".  You want to  
run a GUI app as root - "gksudo <GUIapp>" or "kdesu <GUIapp>"...voila!

Who needs root anyway?  On server machines with many admins, I've  
always set the root password to be something long, completely random  
(pwgen anyone?) and put it in an envelope in a locked box/safety  
deposit box.  Paranoia?  No.  Simply the idea that if a machine is  
soooo broken that not even sudo works, you need a bloody good reason  
for breaking out root - which usually means fessing up to senior  
admins and/or management.  Differnet horses for different courses.

Oh, and if you've got physical access to a box, then all bets are off.

Cheers,

James
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2417 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20081109/a15b4af2/attachment.bin>

More information about the ubuntu-users mailing list