root user

Chris Green cl at isbd.net
Sun Jan 1 17:12:39 UTC 2012


On Sun, Jan 01, 2012 at 04:49:08PM +0000, Liam Proven wrote:
> On 1 January 2012 16:38, Chris Green <cl at isbd.net> wrote:
> > I have never quite followed this security reason for not enabling root.
> >
> > If someone guesses/finds the "sudo to root" user's password then they
> > can get to do nasty root things just as easily as if the root account
> > was enabled and they guess the root password.
> >
> > To my mind the only major advantage of using sudo rather than having a
> > root password is simply that it leaves an audit trail of who did what.
> >
> > A root password actually adds a little security if remote root login is
> > not allowed, you have to know two passwords, one for a user login and
> > one for a root login, to get root access.
> >
> > However, having said all that, for *simplicity* then a user with sudo
> > access does make support etc. much easier and on single user home Linux
> > systems that is a major advantage.
> 
> It's not that it's harder to crack a user password than the root
> password, and it's not that not having a root password keeps you safe
> - it doesn't; once you know "sudo -s" (and its many variants), you can
> do just as much damage.
> 
> It is, rather, for 2 reasons.
> 
> [1] Locally, if 'root' is disabled, then you can't log in as root.
> Simple but clear. It removes the temptation to log in as that
> dangerous account, because you can't. This is far more protection than
> turning the desktop red and putting a picture of a bomb on it, as SUSE
> Linux used to do. You can't do it at all, anyhow.
> 
That's rather akin to my 'simplicity' point above.  However it really
makes no difference except that most instructions for doing root things
on Ubuntu say:-
    sudo <do this>
    sudo <do that>
    sudo <do the other>
and, as you say, afterwards you're not root and don't have to remember
to log out.  In practice surely anyone doing more than two commands as
root quickly gets fed up with typing sudo over and over again and just
does:- 
    sudo -i
    <do this>
    <do that>
    <do the other>
    CTRL/D

> [2] Remotely, it offers protection from cracking attempts. Everyone
> who knows Unix knows that the system administrator on Unix is called
> "root", and if you have root access, you own the box. So that is the
> account everyone attacks. Well, if root is there but disabled, they
> can attack it as much as they like - they won't get in. There's
> nothing to get into.

But in the real world the systems we are talking about are 99% home
systems and won't have an ssh daemon running to allow remote access, and
if they have, it should most certainly have ssh root access disabled.
Thus an intruder *does* need to know two passwords.

>                         But without access to the system, they can't see
> what other, ordinary, unprivileged usernames /are/ there, so they
> can't launch dictionary attacks against them.
> 
As I understand it dictionary attacks are only possible where the
encrypted passwords are visible and that is no longer true on most
systems.

Much of what you are saying is really only applicable to multi-user
systems where there are many users with 'local' (as in local LAN) access
to the system.  Running something like a dictionary attack across an
internet connection would be well nigh pointless, the timeouts on failed
logins are such that it would take longer than any system is going to
last for.

-- 
Chris Green
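
The checks this exchange turns on (whether the root password is locked, whether sshd permits root login, and which accounts' passwords lead to root through sudo), as an added example that is not part of the original post. Function names and the sample files are constructed, and it assumes sudoers grants full sudo to the `sudo` and `admin` groups.

```shell
#!/usr/bin/env bash
# Added example: paths are parameters so the checks can run on copies; on a
# live system pass /etc/shadow (needs root), /etc/ssh/sshd_config, /etc/group.

# Succeeds if root's password field starts with ! or *, so no password matches.
root_locked() {
    case "$(awk -F: '$1 == "root" { print $2; exit }' "$1")" in
        '!'*|'*'*) return 0 ;;
        *) return 1 ;;   # a hash, or an empty field (no password at all)
    esac
}

# Prints the global PermitRootLogin value, or "unset" if it is absent.
# Simplification: stops at the first Match block and does not follow Include.
permit_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Prints members of the sudo and admin groups, comma separated.
# Assumption: sudoers grants those two groups full sudo.
sudo_group_members() {
    awk -F: '($1 == "sudo" || $1 == "admin") && $4 != "" { print $4 }' "$1" |
        tr ',' '\n' | sort -u | paste -sd, -
}

audit() {   # audit SHADOW SSHD_CONFIG GROUP
    if root_locked "$1"; then echo "root password: locked"
    else echo "root password: set or empty"; fi
    echo "sshd PermitRootLogin: $(permit_root_login "$2")"
    echo "accounts whose password leads to root via sudo: $(sudo_group_members "$3")"
}

# Constructed sample files (not taken from the thread).
demo() {
    local d; d=$(mktemp -d)
    printf 'root:!:15340:0:99999:7:::\nalice:$6$salt$hash:15340:0:99999:7:::\n' > "$d/shadow"
    printf '# PermitRootLogin yes\nPort 22\npermitrootlogin No\n' > "$d/sshd_config"
    printf 'admin:x:115:alice\nsudo:x:27:alice,bob\n' > "$d/group"
    audit "$d/shadow" "$d/sshd_config" "$d/group"
    rm -rf "$d"
}
demo
```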



