Old 04-27-2008, 09:37 PM
Michael
 
Default Assigning ROOT a password

chuck adams wrote:
> On Sunday 27 April 2008 14:10:56 Michael wrote:
>> Anyway, I'll stop ranting. How does one go about assigning ROOT a
>> password?
>>
>> Mike
>
> sudo passwd root
>
> This will ask for your password, then ask you to type in
> the new password for root.
>
> The reason for not having a root password is to prevent the
> software that is used to crack passwords from being able
> to get to your system.
>
> FYI
>
> Chuck

Oh my gosh that was easy! I _love_ this mailing list.

Y'all are just so smart.

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
 
Old 04-28-2008, 03:51 AM
Larry Hartman
 
Default Assigning ROOT a password

> The reason for not having a root password is to prevent the
> software that is used to crack passwords from being able
> to get to your system.
>

huh? I am dizzified by this statement.

Seems counterintuitive to all that I have been taught about user account
security. I can hear the MS sys admins hollering now, use a 16-digit,
random, 4 special characters, 4 lower-case, 4 upper-case, and 4 numbers
password!

If the above is the case, it leads to the next question, why assign any
passwords for other usernames? I'd like to know the logic behind the above
quoted statement better....and what distinguishes security for root, vice
security for a username that uses its own password for SUDO access, that can
lead to root access?


Larry


 
Old 04-28-2008, 04:03 AM
Billie Walsh
 
Default Assigning ROOT a password

Larry Hartman wrote:
>> The reason for not having a root password is to prevent the
>> software that is used to crack passwords from being able
>> to get to your system.
>>
>>
>
> huh? I am dizzified by this statement.
>
> Seems counterintuitive to all that I have been taught about user account
> security. I can hear the MS sys admins hollering now, use a 16-digit,
> random, 4 special characters, 4 lower-case, 4 upper-case, and 4 numbers
> password!
>
> If the above is the case, it leads to the next question, why assign any
> passwords for other usernames? I'd like to know the logic behind the above
> quoted statement better....and what distinguishes security for root, vice
> security for a username that uses its own password for SUDO access, that can
> lead to root access?
>
>
> Larry
>
>
>
If there's no "root password" how can a password cracker "crack" it.
Using your regular password as "sudo" doesn't look obviously right to
someone trying to crack your "root password" [ unless they know that
root access is done by sudo on a particular system ].

--
Life is what happens while you're busy making other plans.


 
Old 04-28-2008, 07:51 AM
"Willy Hamra"
 
Default Assigning ROOT a password

I don't even know why you need a root password, I started using Kubuntu a year ago with Feisty, and so far, I never cursed the fact that there is no root password, I like it this way. I learned this lesson the hard way on Windows, default users there are admins, if people use non-admin users, viruses wouldn't have been this widespread. It is a better practice to avoid root, I know that most of you would say you are going to log as root for few minutes only, but a lot of newbies out there will be glad to read these emails and start spending all their time as root. That is one of the reasons that made the Ubuntu developers decide to make root inaccessible in the first place.


On Mon, Apr 28, 2008 at 7:03 AM, Billie Walsh <bilwalsh@swbell.net> wrote:
> Larry Hartman wrote:
> >> The reason for not having a root password is to prevent the
> >> software that is used to crack passwords from being able
> >> to get to your system.
> >>
> >
> > huh? I am dizzified by this statement.
> >
> > Seems counterintuitive to all that I have been taught about user account
> > security. I can hear the MS sys admins hollering now, use a 16-digit,
> > random, 4 special characters, 4 lower-case, 4 upper-case, and 4 numbers
> > password!
> >
> > If the above is the case, it leads to the next question, why assign any
> > passwords for other usernames? I'd like to know the logic behind the above
> > quoted statement better....and what distinguishes security for root, vice
> > security for a username that uses its own password for SUDO access, that can
> > lead to root access?
> >
> > Larry
> >
> If there's no "root password" how can a password cracker "crack" it.
> Using your regular password as "sudo" doesn't look obviously right to
> someone trying to crack your "root password" [ unless they know that
> root access is done by sudo on a particular system ].
>
> --
> Life is what happens while you're busy making other plans.

 
Old 04-28-2008, 11:19 AM
"Michael Leone"
 
Default Assigning ROOT a password

On Mon, Apr 28, 2008 at 12:03 AM, Billie Walsh <bilwalsh@swbell.net> wrote:

> >
> If there's no "root password" how can a password cracker "crack" it.
> Using your regular password as "sudo" doesn't look obviously right to
> someone trying to crack your "root password" [ unless they know that
> root access is done by sudo on a particular system ].

Well, then ... if someone wanted to hack your system, it should be
within their capabilities to determine what type of OS you're running.
And since EVERYBODY knows that Ubuntu distros don't have a root
password, it can't be too hard for them to then change their focus to
cracking the other passwords on your system. For home systems, there's
(usually) not dozens of logins, so that lessens the job.


--
Michael J. Leone
<mailto:turgon@mike-leone.com>

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>

 
Old 04-28-2008, 11:34 AM
David Fletcher
 
Default Assigning ROOT a password

At 12:19 28/04/2008, you wrote:
>On Mon, Apr 28, 2008 at 12:03 AM, Billie Walsh <bilwalsh@swbell.net> wrote:
>
>Well, then ... if someone wanted to hack your system, it should be
>within their capabilities to determine what type of OS you're running.
>And since EVERYBODY knows that Ubuntu distros don't have a root
>password, it can't be too hard for them to then change their focus to
>cracking the other passwords on your system. For home systems, there's
>(usually) not dozens of logins, so that lessens the job.

I think the point here is that if the root password is enabled,
everybody knows what the user ID is - it is root. So the cracker
already knows the user ID and 'only' has to guess the password.

When the root login is disabled a cracker has no idea what logins are
available, and has little chance of guessing both a user ID and a
password at the same time even if it is a weak password.

Dave


 
Old 04-28-2008, 12:51 PM
"Michael Leone"
 
Default Assigning ROOT a password

On Mon, Apr 28, 2008 at 7:34 AM, David Fletcher
<kubuntu-users@thefletchers.net> wrote:
> At 12:19 28/04/2008, you wrote:
> >On Mon, Apr 28, 2008 at 12:03 AM, Billie Walsh <bilwalsh@swbell.net> wrote:
> >
>
> >Well, then ... if someone wanted to hack your system, it should be
> >within their capabilities to determine what type of OS you're running.
> >And since EVERYBODY knows that Ubuntu distros don't have a root
> >password, it can't be too hard for them to then change their focus to
> >cracking the other passwords on your system. For home systems, there's
> >(usually) not dozens of logins, so that lessens the job.
>
> I think the point here is that if the root password is enabled,
> everybody knows what the user ID is - it is root. So the cracker
> already knows the user ID and 'only' has to guess the password.
>
> When the root login is disabled a cracker has no idea what logins are
> available, and has little chance of guessing both a user ID and a
> password at the same time even if it is a weak password.

My point was, that on a home system, there aren't that many logins, so
guessing your login is a lot easier than guessing a login out of the
1200 we have at work, for example. A home user typically has .. what
.. 5 logins at most? (not counting the ones created for applications,
and are pretty standard). And once they know that, they can target
your password.

It adds another layer of complexity, that's all. It's meant to
discourage "casual" attacks - the drive-by kind. If someone wants to
seriously get into *your* machine (targeting you, specifically),
having an unassigned root password will not be an insurmountable
barrier.

If it bothers you to have a root password, then remove it. "sudo
passwd -l root".

<http://www.debianadmin.com/enable-and-disable-ubuntu-root-password.html>

--
Michael J. Leone
<mailto:turgon@mike-leone.com>

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>
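
The commands mentioned in this thread (`sudo passwd root`, `sudo passwd -l root`) change the second field of root's `/etc/shadow` entry, and that field is what separates "locked" from "enabled with no password". The following is an added example, not part of any post here: it classifies that field with the same L/NP/P letters that `passwd -S` prints. The sample entries and hashes are constructed.

```shell
#!/bin/sh
# Added example: classify the password field of shadow(5) entries.

# Constructed sample entries; the hashes are placeholders, not real ones.
SAMPLE_DEFAULT='root:!:13996:0:99999:7:::'                           # root locked, no hash ever set
SAMPLE_SET='root:$6$constructed$notarealhash:13997:0:99999:7:::'     # after "sudo passwd root"
SAMPLE_LOCKED='root:!$6$constructed$notarealhash:13997:0:99999:7:::' # after "sudo passwd -l root"
SAMPLE_EMPTY='root::13997:0:99999:7:::'                              # enabled with NO password

# shadow_state LINE -> prints L (locked), NP (no password) or P (usable password).
shadow_state() {
    # Field 2 of "name:hash:lastchg:min:max:warn:inactive:expire:reserved".
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')        echo NP ;;  # empty field: an empty password is accepted
        '!'*|'*'*) echo L ;;   # leading "!" or "*": no password can ever match
        *)         echo P ;;   # a hash: password login is possible
    esac
}

# audit_shadow: read shadow-format lines on stdin, print "user state" per line.
audit_shadow() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        user=${line%%:*}
        printf '%s %s\n' "$user" "$(shadow_state "$line")"
    done
}

# Run over the constructed samples; on a real system the input would be
# the output of "sudo cat /etc/shadow".
printf '%s\n' "$SAMPLE_DEFAULT" "$SAMPLE_SET" "$SAMPLE_LOCKED" "$SAMPLE_EMPTY" | audit_shadow
```

An `NP` result for any account is the state worth alerting on: it is the "enabled with no password" case, which is not what a locked root account is.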

 
Old 04-28-2008, 01:06 PM
Larry Hartman
 
Default Assigning ROOT a password

On Monday 28 April 2008 04:34:54 am David Fletcher wrote:
> At 12:19 28/04/2008, you wrote:
> >On Mon, Apr 28, 2008 at 12:03 AM, Billie Walsh <bilwalsh@swbell.net>
> > wrote:
> >
> >Well, then ... if someone wanted to hack your system, it should be
> >within their capabilities to determine what type of OS you're running.
> >And since EVERYBODY knows that Ubuntu distros don't have a root
> >password, it can't be too hard for them to then change their focus to
> >cracking the other passwords on your system. For home systems, there's
> >(usually) not dozens of logins, so that lessens the job.
>
> I think the point here is that if the root password is enabled,
> everybody knows what the user ID is - it is root. So the cracker
> already knows the user ID and 'only' has to guess the password.
>
> When the root login is disabled a cracker has no idea what logins are
> available, and has little chance of guessing both a user ID and a
> password at the same time even if it is a weak password.
>
> Dave

Ok I think I get it now, root account is disabled vice enabled with no
password? I'm getting slower as I get older.

Larry

 
Old 04-28-2008, 01:08 PM
Constantinos Maltezos
 
Default Assigning ROOT a password

On Monday 28 April 2008 7:51:17 Michael Leone wrote:
> It adds another layer of complexity, that's all. It's meant to
> discourage "casual" attacks - the drive-by kind. If someone wants to
> seriously get into *your* machine (targeting you, specifically),
> having an unassigned root password will not be an insurmountable
> barrier.

I'm pulling a figure out of the air and saying that I bet at least 90% of all
attacks like this are "casual". Unless one makes a habit of going around
seriously ticking off the people who do this sort of thing. Or you have
something very important that everyone knows about.

 
Old 04-28-2008, 02:14 PM
Derek Broughton
 
Default Assigning ROOT a password

Larry Hartman wrote:

>> The reason for not having a root password is to prevent the
>> software that is used to crack passwords from being able
>> to get to your system.
>>
>
> huh? I am dizzified by this statement.

If you know a username on the system, you're halfway to cracking an account.
Having a user named "root" is just silly.

> Seems counterintuitive to all that I have been taught about user account
> security. I can hear the MS sys admins hollering now, use a 16-digit,
> random, 4 special characters, 4 lower-case, 4 upper-case, and 4 numbers
> password!
>
> If the above is the case, it leads to the next question, why assign any
> passwords for other usernames?

Sorry Larry, I just can't parse a meaningful question out of that.
Who "assigns" passwords? What does MS have to do with the question of
what's a safe password (I was hearing these sorts of suggestions before any
of us had a Windows computer)? And what does the complexity of the
password have to do with whether it's root's password or a user's?

> I'd like to know the logic behind the
> above quoted statement better....and what distinguishes security for root,
> vice security for a username that uses its own password for SUDO access,
> that can lead to root access?

A shared secret is not a secret. If more than one person knows root's
password, assume it's not a secret. Using sudo, you know _who_ got root
access. It's not so much having locks on the house, as having a security
camera to see who comes in.

I administer a CentOS system that has a root account. I don't know the root
password; since I've never had physical access to the system, I probably
couldn't ssh in as root anyway; and I've never had any trouble
administering it via sudo.
--
derek
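
The "security camera" point above rests on the fact that sudo logs the invoking user with every command. The following is an added example, not code from the post: it pulls who ran what as root out of syslog-style sudo lines and flags users who changed root's password state. The log lines, host name and user names are constructed.

```shell
#!/bin/sh
# Added example: audit sudo-to-root activity from syslog-style auth log lines.

# Constructed sample log (sudo's syslog line layout; names and host are made up).
SAMPLE_LOG='Apr 28 14:02:11 box sudo:    derek : TTY=pts/0 ; PWD=/home/derek ; USER=root ; COMMAND=/usr/bin/apt-get update
Apr 28 14:05:40 box sudo:     mike : TTY=pts/1 ; PWD=/home/mike ; USER=root ; COMMAND=/usr/bin/passwd root
Apr 28 14:06:02 box sshd[912]: Accepted password for mike from 192.0.2.10 port 50022 ssh2
Apr 28 14:09:13 box sudo:    larry : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/larry ; USER=root ; COMMAND=/bin/su
Apr 28 14:15:27 box su[1044]: Successful su for root by root'

# sudo_root_events: stdin = log lines, stdout = "STATUS user command" for every
# sudo attempt targeting root. STATUS is OK or DENIED (failed authentication).
sudo_root_events() {
    awk '
    / sudo: / && /USER=root ; COMMAND=/ {
        split($0, part, " sudo: +")        # part[2] = "derek : TTY=... ; COMMAND=..."
        user = part[2]; sub(/ :.*/, "", user)
        cmd = $0; sub(/^.*COMMAND=/, "", cmd)
        status = (part[2] ~ /incorrect password attempt/) ? "DENIED" : "OK"
        print status, user, cmd
    }'
}

# root_passwd_changes: users who successfully ran passwd against root.
# "sudo passwd" with no user name also targets root, so a bare passwd counts.
root_passwd_changes() {
    sudo_root_events |
        awk '$1 == "OK" && $3 ~ /\/passwd$/ && (NF == 3 || $NF == "root") { print $2 }'
}

printf '%s\n' "$SAMPLE_LOG" | sudo_root_events
printf '%s\n' "$SAMPLE_LOG" | root_passwd_changes
```

The `su` line at the end of the sample shows the contrast: once someone is logged in as root directly, the log can only say "by root", not which person it was.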


 

All times are GMT.