Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Disadvantages of setting a root password?

  1. #1
    Join Date
    Oct 2010
    Location
    Finland
    Beans
    252
    Distro
    Ubuntu

    Disadvantages of setting a root password?

    I was just wondering: are there any actual disadvantages to setting a root password in Ubuntu...especially if you re-disable the root account after setting the password? Setting a root password would also render the password reset method mentioned in the article below useless, right?

    http://www.psychocats.net/ubuntu/resetpassword

    P.S. I have no need to perform any actions that would require actual root access...I'm just wondering whether setting a strong password for root would be a good security measure or not...
    Last edited by na5h; March 23rd, 2013 at 02:12 PM.

  2. #2
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    5,577
    Distro
    Xubuntu 14.10 Utopic Unicorn

    Re: Disadvantages of setting a root password?

    One disadvantage that I can think of is that the ssh guessing bots have a ready-made username to aim for. With Ubuntu, they can guess different root passwords for as long as they like.

  3. #3
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Disadvantages of setting a root password?

    Quote Originally Posted by na5h View Post
    I was just wondering: are there any actual disadvantages to setting a root password in Ubuntu...especially if you re-disable the root account after setting the password? Setting a root password would also render the password reset method mentioned in the article below useless, right?

    http://www.psychocats.net/ubuntu/resetpassword

    P.S. I have no need to perform any actions that would require actual root access...I'm just wondering whether setting a strong password for root would be a good security measure or not...
    If you enable the account, set the password then disable it again, what was the point of adding a password in the first place?

    It would probably be easier/more convenient just to stick to using sudo from your main account because you will only have to remember one password instead of two.

    Quote Originally Posted by The Cog View Post
    One disadvantage that I can think of is that the ssh guessing bots have a ready-made username to aim for. With Ubuntu, they can guess different root passwords for as long as they like.
    As long as you set PermitRootLogin to no or without-password, you wouldn't have to worry about bots bruteforcing the root account, but it is still something to think about.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  4. #4
    Join Date
    Oct 2010
    Location
    Finland
    Beans
    252
    Distro
    Ubuntu

    Re: Disadvantages of setting a root password?

    Quote Originally Posted by The Cog View Post
    One disadvantage that I can think of is that the ssh guessing bots have a ready-made username to aim for.
    But that's not really a problem if the root account is disabled, right? As far as I know, you'd also need to be running an SSH server that allows root access for that to be possible.

  5. #5
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Disadvantages of setting a root password?

    Quote Originally Posted by na5h View Post
    But that's not really a problem if the root account is disabled, right? As far as I know, you'd also need to be running an SSH server that allows root access for that to be possible.
    Correct.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  6. #6
    Join Date
    Oct 2010
    Location
    Finland
    Beans
    252
    Distro
    Ubuntu

    Re: Disadvantages of setting a root password?

    Quote Originally Posted by CharlesA View Post
    If you enable the account, set the password then disable it again, what was the point of adding a password in the first place?
    Setting a root password would render the password reset method mentioned in the psychocats article above useless, right? Though the root account itself would be disabled, wouldn't the password still remain intact?

  7. #7
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Disadvantages of setting a root password?

    Quote Originally Posted by na5h View Post
    Setting a root password would render the password reset method mentioned in the psychocats article above useless, right? Though the root account itself would be disabled, wouldn't the password still remain intact?
    I just tested it on my debian test box and it asks for the root password or to hit ctrl+d to bypass, but it didn't prompt me for the stuff Ubuntu does.

    However, what you said has been brought up before, so the only way you will know what happens for sure is to test it yourself.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  8. #8
    Join Date
    Oct 2010
    Location
    Finland
    Beans
    252
    Distro
    Ubuntu

    Re: Disadvantages of setting a root password?

    Quote Originally Posted by CharlesA View Post
    I just tested it on my debian test box and it asks for the root password or to hit ctrl+d to bypass, but it didn't prompt me for the stuff Ubuntu does.
    What do you mean by "prompt me for the stuff Ubuntu does"?

    It did ask you for the password so it should be all good....um, you can't really just bypass it by simply hitting ctrl+d, right? That would kinda go against the point of having a password in the first place...

  9. #9
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Disadvantages of setting a root password?

    Quote Originally Posted by na5h View Post
    What do you mean by "prompt me for the stuff Ubuntu does"?

    It did ask you for the password so it should be all good....um, you can't really just bypass it by simply hitting ctrl+d, right? That would kinda go against the point of having a password in the first place...
    Debian doesn't have the "friendly recovery menu" thing that Ubuntu does.

    Either that or it isn't installed on my version as I did a minimal install.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  10. #10
    Join Date
    Oct 2010
    Location
    Finland
    Beans
    252
    Distro
    Ubuntu

    Re: Disadvantages of setting a root password?

    Quote Originally Posted by CharlesA View Post
    Debian doesn't have the "friendly recovery menu" thing that Ubuntu does.

    Either that or it isn't installed on my version as I did a minimal install.
    Heh...I see! Anyways, thanks for all the answers...I'll probably go try it out myself in virtualbox...

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •