PDA

View Full Version : Why not to have a root password?



Fixman
January 1st, 2008, 11:59 PM
I mean, probably you will never use it, only if you lose your original password, where the only problem would be forgetting also the root password. But, isn't very exploitable an Ubuntu without a root password? I mean, somebody could just su and access your root account! Wouldn't be easier if somebody had a very easy to remember root password, and have lots more of security?

jken146
January 2nd, 2008, 12:04 AM
There is more security if there is *no* root password, like the default setup in Ubuntu. It isn't that there is no password -- the root account is locked, so no one can log in as root (not with su or any other way). See https://wiki.ubuntu.com/RootSudo.

blithen
January 2nd, 2008, 12:05 AM
This really isn't the place for this..

HermanAB
January 2nd, 2008, 12:06 AM
Ubuntu uses Sudo to provide fine grained permission control. With Sudo, a root password is not needed. Other distributions don't use Sudo and therefore need root passwords. Simple as that.

Cheers,

Herman

Fixman
January 2nd, 2008, 12:28 AM
I actually ment having a root password only in case you forget the normal password.

shad0w_walker
January 2nd, 2008, 12:30 AM
If you have forgotten your password you can reset it from recovery mode. You don't need a root password. Do you honestly think that the Ubuntu developers wouldn't have thought 'Gee, what happens when you forget your password?'

aysiu
January 2nd, 2008, 01:27 AM
I mean, probably you will never use it, only if you lose your original password, where the only problem would be forgetting also the root password. But, isn't very exploitable an Ubuntu without a root password? I mean, somebody could just su and access your root account! Wouldn't be easier if somebody had a very easy to remember root password, and have lots more of security?
You can't su to root in Ubuntu unless you activate the root account and set up a password for it.

Why don't you understand the security setup before criticizing it?
https://help.ubuntu.com/community/RootSudo
http://www.psychocats.net/ubuntu/security