Anyway, I'll stop ranting. How does one go about assigning ROOT a
password?
Mike
sudo passwd root
This will ask for your password, then ask you to type in
the new password for root.
The reason for not having a root password is to prevent the
software that is used to crack passwords from being able
to get to your system.
FYI
Chuck
Oh my gosh that was easy! I _love_ this mailing list.
Y'all are just so smart.
--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
04-28-2008, 03:51 AM
Larry Hartman
Assigning ROOT a password
> The reason for not having a root password is to prevent the
> software that is used to crack passwords from being able
> to get to your system.
>
huh? I am dizzified by this statement.
Seems counterintuitive to all that I have been taught about user account
security. I can hear the MS sys admins hollering now, use a 16-digit,
random, 4 special characters, 4 lower-case, 4 upper-case, and 4 numbers
password!
If the above is the case, it leads to the next question, why assign any
passwords for other usernames? I'd like to know the logic behind the above
quoted statement better....and what distinguishes security for root, vice
security for a username that uses its own password for SUDO access, that can
lead to root access?
Larry
04-28-2008, 04:03 AM
Billie Walsh
Assigning ROOT a password
Larry Hartman wrote:
>> The reason for not having a root password is to prevent the
>> software that is used to crack passwords from being able
>> to get to your system.
>>
>>
>
> huh? I am dizzified by this statement.
>
> Seems counterintuitive to all that I have been taught about user account
> security. I can hear the MS sys admins hollering now, use a 16-digit,
> random, 4 special characters, 4 lower-case, 4 upper-case, and 4 numbers
> password!
>
> If the above is the case, it leads to the next question, why assign any
> passwords for other usernames? I'd like to know the logic behind the above
> quoted statement better....and what distinguishes security for root, vice
> security for a username that uses its own password for SUDO access, that can
> lead to root access?
>
>
> Larry
>
>
>
If there's no "root password" how can a password cracker "crack" it.
Using your regular password as "sudo" doesn't look obviously right to
someone trying to crack your "root password" [ unless they know that
root access is done by sudo on a particular system ].
--
Life is what happens while you're busy making other plans.
04-28-2008, 07:51 AM
"Willy Hamra"
Assigning ROOT a password
I don't even know why you need a root password. I started using Kubuntu a year ago with Feisty, and so far I never cursed the fact that there is no root password; I like it this way. I learned this lesson the hard way on Windows: default users there are admins, and if people use non-admin users, viruses wouldn't have been this widespread. It is a better practice to avoid root. I know that most of you would say you are going to log in as root for a few minutes only, but a lot of newbies out there will be glad to read these emails and start spending all their time as root. That is one of the reasons that made the Ubuntu developers decide to make root inaccessible in the first place.
On Mon, Apr 28, 2008 at 7:03 AM, Billie Walsh <bilwalsh@swbell.net> wrote:
Larry Hartman wrote:
>> The reason for not having a root password is to prevent the
>> software that is used to crack passwords from being able
>> to get to your system.
>>
>>
>
> huh? I am dizzified by this statement.
>
> Seems counterintuitive to all that I have been taught about user account
> security. I can hear the MS sys admins hollering now, use a 16-digit,
> random, 4 special characters, 4 lower-case, 4 upper-case, and 4 numbers
> password!
>
> If the above is the case, it leads to the next question, why assign any
> passwords for other usernames? I'd like to know the logic behind the above
> quoted statement better....and what distinguishes security for root, vice
> security for a username that uses its own password for SUDO access, that can
> lead to root access?
>
>
> Larry
>
>
>
If there's no "root password" how can a password cracker "crack" it.
Using your regular password as "sudo" doesn't look obviously right to
someone trying to crack your "root password" [ unless they know that
root access is done by sudo on a particular system ].
--
Life is what happens while you're busy making other plans.
04-28-2008, 11:19 AM
"Michael Leone"
Assigning ROOT a password
On Mon, Apr 28, 2008 at 12:03 AM, Billie Walsh <bilwalsh@swbell.net> wrote:
> >
> If there's no "root password" how can a password cracker "crack" it.
> Using your regular password as "sudo" doesn't look obviously right to
> someone trying to crack your "root password" [ unless they know that
> root access is done by sudo on a particular system ].
Well, then ... if someone wanted to hack your system, it should be
within their capabilities to determine what type of OS you're running.
And since EVERYBODY knows that Ubuntu distros don't have a root
password, it can't be too hard for them to then change their focus to
cracking the other passwords on your system. For home systems, there's
(usually) not dozens of logins, so that lessens the job.
--
Michael J. Leone
<mailto:turgon@mike-leone.com>
04-28-2008, 11:34 AM
David Fletcher
Assigning ROOT a password
At 12:19 28/04/2008, you wrote:
>On Mon, Apr 28, 2008 at 12:03 AM, Billie Walsh <bilwalsh@swbell.net> wrote:
>
>Well, then ... if someone wanted to hack your system, it should be
>within their capabilities to determine what type of OS you're running.
>And since EVERYBODY knows that Ubuntu distros don't have a root
>password, it can't be too hard for them to then change their focus to
>cracking the other passwords on your system. For home systems, there's
>(usually) not dozens of logins, so that lessens the job.
I think the point here is that if the root password is enabled,
everybody knows what the user ID is - it is root. So the cracker
already knows the user ID and 'only' has to guess the password.
When the root login is disabled a cracker has no idea what logins are
available, and has little chance of guessing both a user ID and a
password at the same time even if it is a weak password.
Dave
04-28-2008, 12:51 PM
"Michael Leone"
Assigning ROOT a password
On Mon, Apr 28, 2008 at 7:34 AM, David Fletcher
<kubuntu-users@thefletchers.net> wrote:
> At 12:19 28/04/2008, you wrote:
> >On Mon, Apr 28, 2008 at 12:03 AM, Billie Walsh <bilwalsh@swbell.net> wrote:
> >
>
> >Well, then ... if someone wanted to hack your system, it should be
> >within their capabilities to determine what type of OS you're running.
> >And since EVERYBODY knows that Ubuntu distros don't have a root
> >password, it can't be too hard for them to then change their focus to
> >cracking the other passwords on your system. For home systems, there's
> >(usually) not dozens of logins, so that lessens the job.
>
> I think the point here is that if the root password is enabled,
> everybody knows what the user ID is - it is root. So the cracker
> already knows the user ID and 'only' has to guess the password.
>
> When the root login is disabled a cracker has no idea what logins are
> available, and has little chance of guessing both a user ID and a
> password at the same time even if it is a weak password.
My point was, that on a home system, there aren't that many logins, so
guessing your login is a lot easier than guessing a login out of the
1200 we have at work, for example. A home user typically has .. what
.. 5 logins at most? (not counting the ones created for applications,
and are pretty standard). And once they know that, they can target
your password.
It adds another layer of complexity, that's all. It's meant to
discourage "casual" attacks - the drive-by kind. If someone wants to
seriously get into *your* machine (targeting you, specifically),
having an unassigned root password will not be an insurmountable
barrier.
If it bothers you to have a root password, then remove it. "sudo
passwd -l root".
04-28-2008, 01:06 PM
Larry Hartman
Assigning ROOT a password
On Monday 28 April 2008 04:34:54 am David Fletcher wrote:
> At 12:19 28/04/2008, you wrote:
> >On Mon, Apr 28, 2008 at 12:03 AM, Billie Walsh <bilwalsh@swbell.net>
> > wrote:
> >
> >Well, then ... if someone wanted to hack your system, it should be
> >within their capabilities to determine what type of OS you're running.
> >And since EVERYBODY knows that Ubuntu distros don't have a root
> >password, it can't be too hard for them to then change their focus to
> >cracking the other passwords on your system. For home systems, there's
> >(usually) not dozens of logins, so that lessens the job.
>
> I think the point here is that if the root password is enabled,
> everybody knows what the user ID is - it is root. So the cracker
> already knows the user ID and 'only' has to guess the password.
>
> When the root login is disabled a cracker has no idea what logins are
> available, and has little chance of guessing both a user ID and a
> password at the same time even if it is a weak password.
>
> Dave
Ok I think I get it now, root account is disabled vice enabled with no
password? I'm getting slower as I get older.
Larry
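
The distinction this message arrives at (a locked root account versus an account that is enabled with no password) is visible in the second field of each shadow(5) entry. The following is an added example, not part of any post in the thread; the function names and the sample entries are constructed for illustration.

```bash
#!/bin/sh
# Added example. Entries below are constructed; hashes are placeholders.
SAMPLE_SHADOW='root:!:13997:0:99999:7:::
daemon:*:13997:0:99999:7:::
larry:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:13997:0:99999:7:::
guest::13997:0:99999:7:::
oldadmin:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:13997:0:99999:7:::'

# Map the second field of a shadow(5) entry to a state.
classify_field() {
    case "$1" in
        '')        echo "empty" ;;         # enabled and needs no password at all
        '!'*|'*'*) echo "locked" ;;        # no typed password can ever match
        *)         echo "password-set" ;;  # a hash is present, so guessing applies
    esac
}

# account_state USER: read shadow-format text on stdin, print USER's state.
account_state() {
    as_line=$(grep -m1 "^$1:") || { echo "missing"; return 0; }
    classify_field "$(printf '%s\n' "$as_line" | cut -d: -f2)"
}

# audit_shadow: print "user state" for every entry on stdin.
audit_shadow() {
    while IFS=: read -r au_user au_field au_rest; do
        [ -n "$au_user" ] && printf '%s %s\n' "$au_user" "$(classify_field "$au_field")"
    done
    return 0
}

printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

The `oldadmin` entry shows what `passwd -l` leaves behind: the old hash with a `!` in front of it. On a live system `sudo passwd -S root` reports the same state as L (locked), NP (no password) or P (usable password).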
04-28-2008, 01:08 PM
Constantinos Maltezos
Assigning ROOT a password
On Monday 28 April 2008 7:51:17 Michael Leone wrote:
> It adds another layer of complexity, that's all. It's meant to
> discourage "casual" attacks - the drive-by kind. If someone wants to
> seriously get into *your* machine (targeting you, specifically),
> having an unassigned root password will not be an insurmountable
> barrier.
I'm pulling a figure out of the air and saying that I bet at least 90% of all
attacks like this are "casual". Unless one makes a habit of going around
seriously ticking off the people who do this sort of thing. Or you have
something very important that everyone knows about.
04-28-2008, 02:14 PM
Derek Broughton
Assigning ROOT a password
Larry Hartman wrote:
>> The reason for not having a root password is to prevent the
>> software that is used to crack passwords from being able
>> to get to your system.
>>
>
> huh? I am dizzified by this statement.
If you know a username on the system, you're halfway to cracking an account.
Having a user named "root" is just silly.
> Seems counterintuitive to all that I have been taught about user account
> security. I can hear the MS sys admins hollering now, use a 16-digit,
> random, 4 special characters, 4 lower-case, 4 upper-case, and 4 numbers
> password!
>
> If the above is the case, it leads to the next question, why assign any
> passwords for other usernames?
Sorry Larry, I just can't parse a meaningful question out of that.
Who "assigns" passwords? What does MS have to do with the question of
what's a safe password (I was hearing these sorts of suggestions before any
of us had a Windows computer)? And what does the complexity of the
password have to do with whether it's root's password or a user's?
> I'd like to know the logic behind the
> above quoted statement better....and what distinguishes security for root,
> vice security for a username that uses its own password for SUDO access,
> that can lead to root access?
A shared secret is not a secret. If more than one person knows root's
password, assume it's not a secret. Using sudo, you know _who_ got root
access. It's not so much having locks on the house, as having a security
camera to see who comes in.
I administer a CentOS system that has a root account. I don't know the root
password; since I've never had physical access to the system, I probably
couldn't ssh in as root anyway; and I've never had any trouble
administering it via sudo.
--
derek
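
The "security camera" point above, that sudo records who obtained root access, can be seen in the lines sudo writes to syslog. The following is an added example, not part of any post in the thread; the function names, the host name `box` and the log lines are constructed for illustration, in the format sudo uses for its syslog entries.

```bash
#!/bin/sh
# Added example. Log lines below are constructed in the format sudo writes to syslog.
SAMPLE_AUTH_LOG='Apr 28 14:00:01 box CRON[4100]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 28 14:02:11 box sudo:    derek : TTY=pts/0 ; PWD=/home/derek ; USER=root ; COMMAND=/usr/bin/apt-get update
Apr 28 14:05:40 box sudo:    larry : TTY=pts/1 ; PWD=/home/larry ; USER=root ; COMMAND=/usr/bin/passwd root
Apr 28 14:09:03 box sudo:    guest : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/guest ; USER=root ; COMMAND=/bin/bash
Apr 28 14:12:27 box sudo:    larry : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/larry ; USER=root ; COMMAND=/bin/ls'

# sudo_root_events: read auth-log text on stdin, print "time user status command"
# for every sudo request that targeted root.
sudo_root_events() {
    awk '
    / sudo: / && /USER=root/ {
        split($0, part, / sudo: +/)          # part[2] starts with the invoking user
        user = part[2]; sub(/ :.*/, "", user)
        cmd = $0;       sub(/.*COMMAND=/, "", cmd)
        status = "ok"
        if ($0 ~ /NOT in sudoers/)                  status = "denied"
        else if ($0 ~ /incorrect password attempt/) status = "failed-auth"
        printf "%s %s %s %s\n", $3, user, status, cmd
    }'
}

# sudo_root_summary: count events per "user status" pair.
sudo_root_summary() {
    sudo_root_events | awk '{ n[$2 " " $3]++ } END { for (k in n) print k, n[k] }' | sort
}

printf '%s\n' "$SAMPLE_AUTH_LOG" | sudo_root_summary
```

On Ubuntu these entries are written to `/var/log/auth.log`, so the same functions can be fed with `sudo cat /var/log/auth.log`.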