Page 3 of 3 FirstFirst 123
Results 21 to 23 of 23

Thread: how do i log in as root

  1. #21
    Join Date
    Aug 2007
    Location
    New Jersey, USA
    Beans
    382
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: how do i log in as root

    When I need root access, I type
    Code:
    sudo -s
    and it make you root untill you close the terminal. Correct me if I'm wrong.

  2. #22
    Join Date
    Jul 2008
    Beans
    1,706

    Re: how do i log in as root

    ty all now shiny thanks badges for all of you

  3. #23
    Join Date
    May 2006
    Beans
    301
    Distro
    Kubuntu Karmic Koala (testing)

    Thumbs down Re: how do i log in as root

    Quote Originally Posted by protogenesis View Post
    Right, I'm aware that root is disabled/no password. The reason behind this is that 'root' is known as, well, the 'root' account on all POSIX-compliant systems. My suggestion was, if you absolutely *need* a root account, you could create another account with a different name but a UID/GID 0, one that someone trying to 'hack' your system wouldn't know.

    Case in point: I set up Ubuntu server about three weeks ago. Within the first 24 hours, someone from China spent about ninety minutes trying to SSH to my machine (which tye could) and guess the root password. They never did breach the system as root has no password.

    Granted, I agree with this logic: no password for root!

    My argument is that if you NEED a root account, you could create one with a different username but UID/GID 0. Leave root there, no password, but give the new 'root' account a password. I do not advocate this as secure, but consider the sudo command and what it allows. If you argue that you should use sudo, what would the logic be? Using your own account name, one that someone wouldn't be able to guess in a 'hack' attempt? All someone has to do is guess your username, guess the password and they'll be able to 'sudo' until their heart's content. What is the difference between cracking a priveleged /etc/sudoer account versus a UID/GID 0 account with a name that isn't 'root?' In either case, a cracker only needs to guess the password of the account in question and boom, compromised system.

    Thoughts on this?
    I really don't see the benefit of this if you already have a user with sudo privelges because they give themselves root privelges via sudo anyways, the need for another root account is pointless because if they could "guess" your username wouldn't they "guess" the new root account's name?

Page 3 of 3 FirstFirst 123

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •