FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 11-09-2008, 08:59 AM
"Carl Friis-Hansen"
 
Default Trouble Logging In as Root

Hi James,
thanks for your enlightenment :-)
I just didn't want to scare the OP with too much detail

>
> On 09/11/2008, at 6:44 PM, Carl Friis-Hansen wrote:
> <snip>
>
> Carl, I'm not trying to single you out dude, just wanted to use the
> opportunity to provide an object lesson in how passwords are handled
> in Linux (and most Unix versions too). It's a trivial nit-pick of
> wording, and I agree with the rest of your post. When I first started
> using Ubuntu (having been a Unix admin since 1994 on Solaris/True64/HP-
> UX/AIX...and Linux) I thought "no root login...WTF?!?!" - but I
> thought I'd give it a chance anyway. Having got used to the whole
> "sudo way", I can't see why people persist with setting a root
> password on desktop systems etc. You want a root shell - "sudo -i".
> You want to do something as root - "sudo <something>". You want to
> run a GUI app as root - "gksudo <GUIapp>" or "kdesu <GUIapp>"...voila!
</snip>

I know I am to be singled out. I started with UNIX in 1982 on Tektronix
and Philips systems when I developed electronic control systems for wind
turbines. The UNIX machine had 2MByte of RAM (sheep) as far as I remember
- wow.

--
Carl Friis-hansen


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-09-2008, 11:14 AM
Franky
 
Default Trouble Logging In as Root

On Sat, 2008-11-08 at 23:28 -0800, hippie dream wrote:
> Hello,
>
> I am having trouble logging in as root on a fresh install of Ubuntu 8.10.

Well, if you like GUI:

1.
System -> Administration -> Users and Groups: here you can set a root
password

2.
System -> Administration -> Login Window -> Security: check "Allow local
system administrator login"

After that, you can login as Root in GUI. Be careful!

Franky (a Ubuntu newbie)




--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-09-2008, 05:28 PM
Karl Larsen
 
Default Trouble Logging In as Root

hippie dream wrote:
> Hello,
>
> I am having trouble logging in as root on a fresh install of Ubuntu 8.10.
> During the setup process, I was prompted to give a password which I can use
> perfectly to install programs and make most changes. However, I think the
> system only set me up as a administrator because when I try to login as root
> I receive this message:
>
> sam@sam-laptop:~$ su root
> Password:
> su: Authentication failure
> sam@sam-laptop:~$
>
> Am I missing something really obvious here? How can setup my computer so
> that I can login as root? I have all my files backed up so if another fresh
> install is required that is certainly as possibility.
>
> Thanks for your help.
>
> Sam
>
I can tell you how to get a root password but I will not. You will
never use it. It is not needed. The sudo was invented to do all that is
needed.

Karl


--

Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
PGP 4208 4D6E 595F 22B9 FF1C ECB6 4A3C 2C54 FE23 53A7


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-09-2008, 05:36 PM
Victor Sterpu
 
Default Trouble Logging In as Root

Just execute "sudo su" on a console.


hippie dream wrote:
> Hello,
>
> I am having trouble logging in as root on a fresh install of Ubuntu 8.10.
> During the setup process, I was prompted to give a password which I can use
> perfectly to install programs and make most changes. However, I think the
> system only set me up as a administrator because when I try to login as root
> I receive this message:
>
> sam@sam-laptop:~$ su root
> Password:
> su: Authentication failure
> sam@sam-laptop:~$
>
> Am I missing something really obvious here? How can setup my computer so
> that I can login as root? I have all my files backed up so if another fresh
> install is required that is certainly as possibility.
>
> Thanks for your help.
>
> Sam
>


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-10-2008, 12:58 AM
Derek Broughton
 
Default Trouble Logging In as Root

CLIFFORD ILKAY wrote:

While I fully agree with this:

> Ignore the advice to set a root password. To do things that need root
> privileges, for example to install software, do:
>
> sudo apt-get install foo

_This_ is nuts:

> I keep a root shell open most of the time, which I get by doing:
>
> sudo -i

What do you possibly gain from using "sudo" when you keep yourself logged in
as root?
--
derek


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-10-2008, 01:20 PM
"Mark Haney"
 
Default Trouble Logging In as Root

CLIFFORD ILKAY wrote:

>>
>> Am I missing something really obvious here? How can setup my computer so
>> that I can login as root? I have all my files backed up so if another fresh
>> install is required that is certainly as possibility.
>
> Hi,
>
> Ignore the advice to set a root password.

Okay, I came rather late to the party but I would like to say a couple
of things here. First and foremost. NEVER leave root without a
password. PERIOD. This is not only probably the biggest security hole
ever, it's just plain wrong. Root is (in the phrasing of Ric Flair)
'THE MAN'. It can do everything. Anyone leaving root exposed runs a
big risk.

I am aware of the fact that Ubuntu gives sudo access to virtually
everything for the first user, but let's examine the possibilities here.
Let's say I compromise your system's primary user account. I can sudo
into root, then lock everyone else out with a couple changes to sudo
using visudo as well as edit the root passwd. What do you do then?
You're busted. Period. There is no real recovery from that, because
even with a rescue CD you pretty much need to know the root passwd.
Sure, if I'm a stupid hacker I can make the root pwd easy to crack, but
if I'm not I set one massively complicated one that would make it
virtually impossible to crack.

That's called being screwed, people. I've seen it happen before. It's
not pretty to try to recover data in a scenario like that without using
something like samhain or tripwire to check file integrity.

A good rule of thumb. Be paranoid. Don't assume no one is out to get
you because it's just you using it as a regular desktop system and not a
server.



>
> sudo apt-get install foo
>
> I keep a root shell open most of the time, which I get by doing:
>
> sudo -i
>
> When you're prompted for the password, just enter the password that you
> assigned to the first account you created.
>

Personally, I also keep a root shell open pretty much all the time I'm
on a system, just in case I do something stupid and lock myself out
(like breaking an sshd config or something.)




--
Frustra laborant quotquot se calculationibus fatigant pro inventione
quadraturae circuli

Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415

Call (866) ERC-7110 for after hours support

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-10-2008, 01:58 PM
Nils Kassube
 
Default Trouble Logging In as Root

Mark Haney wrote:
> CLIFFORD ILKAY wrote:
> > Ignore the advice to set a root password.
>
> NEVER leave root without a
> password. PERIOD.

Why do I need a root password if the root account is locked? Clifford
didn't advise to use a blank password but to leave the root account
locked.

> This is not only probably the biggest security hole
> ever, it's just plain wrong. Root is (in the phrasing of Ric Flair)
> 'THE MAN'. It can do everything. Anyone leaving root exposed runs a
> big risk.

Then it is even better to have no root password set with but keep the root
account locked to reduce the exposure, or am I missing something?

> I am aware of the fact that Ubuntu gives sudo access to virtually
> everything for the first user,

But you don't seem to be aware that the root account doesn't have a blank
password but we have a locked root account. You simply can't login as
root unless you intentionally set a root password.

> but let's examine the possibilities
> here. Let's say I compromise your system's primary user account. I can
> sudo into root, then lock everyone else out with a couple changes to
> sudo using visudo as well as edit the root passwd. What do you do
> then? You're busted. Period. There is no real recovery from that,
> because even with a rescue CD you pretty much need to know the root
> passwd.

Why that? I use the Ubuntu LiveCD and can easily get a root shell
with "sudo su". Then I can mount the HD of the compromised system and
make changes to get access again.


Nils

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-10-2008, 02:00 PM
Derek Broughton
 
Default Trouble Logging In as Root

Mark Haney wrote:

> CLIFFORD ILKAY wrote:
>
>>>
>>> Am I missing something really obvious here? How can setup my computer so
>>> that I can login as root? I have all my files backed up so if another
>>> fresh install is required that is certainly as possibility.
>>
>> Ignore the advice to set a root password.
>
> Okay, I came rather late to the party but I would like to say a couple
> of things here. First and foremost. NEVER leave root without a
> password. PERIOD.

As somebody else pointed out, it isn't strictly without a password.

> This is not only probably the biggest security hole
> ever, it's just plain wrong. Root is (in the phrasing of Ric Flair)
> 'THE MAN'. It can do everything. Anyone leaving root exposed runs a
> big risk.

Root is not exposed in a default Ubuntu system.

> I am aware of the fact that Ubuntu gives sudo access to virtually
> everything for the first user, but let's examine the possibilities here.
> Let's say I compromise your system's primary user account. I can sudo
> into root, then lock everyone else out with a couple changes to sudo
> using visudo as well as edit the root passwd. What do you do then?
> You're busted. Period.

Bull. Period. I boot off a liveCD, and fix it. Let's say I compromise
your root account, because everybody who's ever had to do anything as root
has been sharing the password...

> There is no real recovery from that, because
> even with a rescue CD you pretty much need to know the root passwd.

???? In a word, No.

> Personally, I also keep a root shell open pretty much all the time I'm
> on a system, just in case I do something stupid and lock myself out
> (like breaking an sshd config or something.)

LOL, and you're paranoid about security?
--
derek


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-10-2008, 02:14 PM
"Mark Haney"
 
Default Trouble Logging In as Root

Nils Kassube wrote:
> Mark Haney wrote:
>> CLIFFORD ILKAY wrote:
>>> Ignore the advice to set a root password.
>> NEVER leave root without a
>> password. PERIOD.
>
> Why do I need a root password if the root account is locked? Clifford
> didn't advise to use a blank password but to leave the root account
> locked.
>
>> This is not only probably the biggest security hole
>> ever, it's just plain wrong. Root is (in the phrasing of Ric Flair)
>> 'THE MAN'. It can do everything. Anyone leaving root exposed runs a
>> big risk.
>
> Then it is even better to have no root password set with but keep the root
> account locked to reduce the exposure, or am I missing something?

Locking the root account is fine, even preferred, but leaving it
'unlockable' and with an empty password is stil (IMHO) a bad idea. I've
never preferred locking it WITHOUT a passwd. Again, my advice, be
paranoid.

>
>> I am aware of the fact that Ubuntu gives sudo access to virtually
>> everything for the first user,
>
> But you don't seem to be aware that the root account doesn't have a blank
> password but we have a locked root account. You simply can't login as
> root unless you intentionally set a root password.

I am aware, but that still is only part of the problem, with sudo access
you can unlock root, and still make yourselves even more vulnerable
without a hard to crack passwd. Sure, if the primary user is
compromised, you're screwed anyway, but the point here is never do just
one or the other. Do both. Of course, this only comes with experience,
I've had that happen to me once. Long ago. But hey, it's your system.
Do what you want, I'm just offering my experiences in the past. Never
assume locking root is enough.


>
>> but let's examine the possibilities
>> here. Let's say I compromise your system's primary user account. I can
>> sudo into root, then lock everyone else out with a couple changes to
>> sudo using visudo as well as edit the root passwd. What do you do
>> then? You're busted. Period. There is no real recovery from that,
>> because even with a rescue CD you pretty much need to know the root
>> passwd.
>
> Why that? I use the Ubuntu LiveCD and can easily get a root shell
> with "sudo su". Then I can mount the HD of the compromised system and
> make changes to get access again.

Sure, yeah, that works but only when you have the LiveCD with you. I
personally either a) don't always carry boot disks with me or b) am too
far away from said system to use one. Sure, I carry around a bootable
flash drive that can work, but I don't always carry it with me. Again,
my advice, never assume you'll have one with you, or be close enough to
the system to use it. Trust me, when the poop hits the fan, you're
almost always missing something that would make life easier on hand with
you. (Unless you're Macgyver, then it's open season.)



>
>
> Nils
>


--
Frustra laborant quotquot se calculationibus fatigant pro inventione
quadraturae circuli

Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415

Call (866) ERC-7110 for after hours support

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-10-2008, 02:20 PM
Avi Greenbury
 
Default Trouble Logging In as Root

Mark Haney wrote:
> Sure, yeah, that works but only when you have the LiveCD with you. I
> personally either a) don't always carry boot disks with me

Mine's duct-taped to the side of the box.

--
Avi Greenbury http://aviswebsite.co.uk

http://aviswebsite.co.uk/asking-questions/

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 11:17 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org