Being root
Amedee Van Gasse (Ubuntu)
amedee-ubuntu at amedee.be
Thu Jun 25 08:28:11 UTC 2009
On Thu, June 25, 2009 09:40, Gilles Gravier wrote:
> Hi, Amedee!
>
>
> Amedee Van Gasse (Ubuntu) wrote:
>
>> You did not understand what I wrote. It must be a language issue.
>> In Ubuntu they don't ask for a root password. A root password is
>> automatically created with some kind of random function. This random
>> password is never told to the user.
>>
>> Perhaps you understand it better if I formulate it this way?
>>
>>
>>
> This is not correct. On Ubuntu, there is NO root password that is
> created.
>
> The "encrypted password" (stored in /etc/shadow) is set to "*" which is
> not something that maps to a real password. There is no password (random or
> not) that can get encrypted to "*" using the encryption functions in
> Ubuntu. What this "*" means is that there is no password that works for
> root... in effect, you cannot log in as root until you manually set a
> password yourself for root.
>
> Note that there is a VERY good reason to do that. Enabling root user
> leads to lots of security issues, in particular the fact that you can't
> audit root activities to specific physical users. Whereas if you "sudo"
> every administrative command, you get a proper audit log for who did what
> in terms of administration on the system.
>
> This is important in multi-user systems (which Ubuntu is designed as).
>
>
> Of course, this being Linux/Unix, you CAN change the password of root to
> something real, and then log in as root. But you do this at your own risk
> and you should be aware of this.
>
> Gilles.
Mea culpa. You may be right.
I may have mixed up Ubuntu and Gentoo.
That's the problem when you have used too many linuxes. :-)
More information about the ubuntu-users
mailing list