Trouble Logging In as Root
Nils Kassube
kassube at gmx.net
Mon Nov 10 14:58:40 UTC 2008
Mark Haney wrote:
> CLIFFORD ILKAY wrote:
> > Ignore the advice to set a root password.
>
> NEVER leave root without a
> password. PERIOD.
Why do I need a root password if the root account is locked? Clifford
didn't advise to use a blank password but to leave the root account
locked.
> This is not only probably the biggest security hole
> ever, it's just plain wrong. Root is (in the phrasing of Ric Flair)
> 'THE MAN'. It can do everything. Anyone leaving root exposed runs a
> big risk.
Then it is even better to have no root password set with but keep the root
account locked to reduce the exposure, or am I missing something?
> I am aware of the fact that Ubuntu gives sudo access to virtually
> everything for the first user,
But you don't seem to be aware that the root account doesn't have a blank
password but we have a locked root account. You simply can't login as
root unless you intentionally set a root password.
> but let's examine the possibilities
> here. Let's say I compromise your system's primary user account. I can
> sudo into root, then lock everyone else out with a couple changes to
> sudo using visudo as well as edit the root passwd. What do you do
> then? You're busted. Period. There is no real recovery from that,
> because even with a rescue CD you pretty much need to know the root
> passwd.
Why that? I use the Ubuntu LiveCD and can easily get a root shell
with "sudo su". Then I can mount the HD of the compromised system and
make changes to get access again.
Nils
More information about the ubuntu-users
mailing list