newbi3
Posted December 10, 2012

This morning I fired up my laptop and in my haze I logged in with the username root. Once I saw I was logged in as root I thought to myself, "What the hell, I never set a root password!" I checked the shadow file and sure enough, when you install Linux Mint it automatically sets the root password to be exactly the same as your actual account password. I'm not sure how many of you guys are Mint users here, but here is how you disable that:

nano /etc/shadow

Search for root in the second field (right after root: and before the next ':'), change the hash that is there to a "!", and save the file. Now you can't log in as root with a password. You could also just change the root password.

I just thought I would bring this to your attention. I can't be the only one who is disappointed in the Mint team for doing something like this.

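Added example, not part of any post in this thread: a small shell check that reports whether an account's password field in a shadow-format file still holds a hash or is locked, and that applies the "!" edit described above. It runs only against a constructed sample file with fake hashes; the function names are made up for this example.

```bash
#!/bin/sh
# Classify and lock an account's password field in a shadow-format file.
# Works on a constructed sample, never on the real /etc/shadow.

# shadow_status FILE USER -> prints: locked | empty | password | missing
shadow_status() {
    awk -F: -v user="$2" '
        $1 == user {
            found = 1
            if ($2 == "")           print "empty"     # no password required
            else if ($2 ~ /^[!*]/)  print "locked"    # no typed password can match
            else                    print "password"  # password login is enabled
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# lock_account FILE USER -> sets field 2 to "!" for USER, leaving other lines untouched
lock_account() {
    tmp="$1.tmp.$$"
    awk -F: -v OFS=: -v user="$2" '$1 == user { $2 = "!" } { print }' "$1" > "$tmp" &&
        mv "$tmp" "$1"
}

# make_sample FILE -> writes a constructed shadow file (hashes are placeholders)
make_sample() {
    cat > "$1" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:15684:0:99999:7:::
daemon:*:15684:0:99999:7:::
newuser:$6$OTHERSALT$OTHERCONSTRUCTEDHASH:15684:0:99999:7:::
EOF
}

demo() {
    f=$(mktemp)
    make_sample "$f"
    echo "before: root is $(shadow_status "$f" root)"
    lock_account "$f" root
    echo "after:  root is $(shadow_status "$f" root)"
    rm -f "$f"
}
demo
```

On a live system, `passwd -l root` locks the account without hand-editing the file; it prefixes the existing hash with "!" instead of discarding it, so `passwd -u root` can undo the lock.
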
djoker
Posted December 10, 2012

I never used Mint, so perhaps my question is quite dumb... But I'm assuming there's no particular difference from any other Linux distro...

So, why'd you find it bothering being able to log in as root? I don't see the point in making the root user "unavailable": I do see the point in changing the root password (since using the same one for both your current account and the root isn't a smart thing), but why would you want to make it "inaccessible"? I personally find it easier to just use 'su' once, and then run all the commands I need as root, rather than use 'sudo' every time!

Then, as a reminder for those who want to edit the /etc/shadow file: you need root permissions to edit (or even see) it :)

newbi3 (Author)
Posted December 11, 2012

> I never used Mint, so perhaps my question is quite dumb... But I'm assuming there's no particular difference from any other Linux distro...
>
> So, why'd you find it bothering being able to log in as root? I don't see the point in making the root user "unavailable": I do see the point in changing the root password (since using the same one for both your current account and the root isn't a smart thing), but why would you want to make it "inaccessible"? I personally find it easier to just use 'su' once, and then run all the commands I need as root, rather than use 'sudo' every time!
>
> Then, as a reminder for those who want to edit the /etc/shadow file: you need root permissions to edit (or even see) it :)

The thing that bothers me isn't that root is accessible with the su command or that root has a password. What bothers me is that Mint would go ahead and set your root password to the same thing as your account password automatically. This is insecure because, say your password was in the dictionary, the only thing keeping you remotely safe in that situation is hopefully the anonymity of your username. If the root password is set to the same thing as your password, someone can easily just brute force root.

What I think is a more secure way is to disable the root user's password. This way no one can just brute force root, and they are left trying to brute force your username and password, which will take them longer. You can still log in as root using sudo -i and then typing in your password.

That's just me personally. I am a strong believer in the idea that root itself never needs to be the primary login for anyone.

Jason Cooper
Posted December 11, 2012 (edited)

Disabling root login completely sounds a very bad idea to me. Disabling remote root login (e.g. via SSH) makes a lot of sense as root is a known username, even stopping root logging into X-Windows makes some sense, but blocking root from logging in sounds like something that you will regret at some point in the future, usually just after discovering that something seriously wrong has happened and stuffed up your own account so much that you can't log in. In those situations it is nice to be able to log in as root and fix the issues without having to boot up a live CD.

Also, if your account has enough sudo permissions and sudo isn't configured to require the root password instead of the user's, then I can see how they may think root having the same password isn't any less secure. After all, if the attacker has your password they can just log in to your account and then run "sudo su -" or some other variation to get a root shell.

Edited December 11, 2012 by Jason Cooper

newbi3 (Author)
Posted December 11, 2012

> Disabling root login completely sounds a very bad idea to me. Disabling remote root login (e.g. via SSH) makes a lot of sense as root is a known username, even stopping root logging into X-Windows makes some sense, but blocking root from logging in sounds like something that you will regret at some point in the future, usually just after discovering that something seriously wrong has happened and stuffed up your own account so much that you can't log in. In those situations it is nice to be able to log in as root and fix the issues without having to boot up a live CD.
>
> Also, if your account has enough sudo permissions and sudo isn't configured to require the root password instead of the user's, then I can see how they may think root having the same password isn't any less secure. After all, if the attacker has your password they can just log in to your account and then run "sudo su -" or some other variation to get a root shell.

You made some good points, but in the words of Darren, "it makes me feel secure."

Infiltrator
Posted January 5, 2013

Instead of disabling the root account, which you will need at some point in time, just change the password to something a bit more complex.

digip
Posted January 5, 2013

I agree with Infiltrator, just use passwd, change the root password to something other than what your normal user password is.