On 09/11/2008, at 6:44 PM, Carl Friis-Hansen wrote:
there is by default no password for root.
Actually, there *IS* a password for root:
#cat /etc/passwd /etc/shadow | grep root
The second field on the second line is the _hashed_ password from /etc/
HOWEVER, there is *nothing* you can enter that will cause
crypt(+md5..etc) to hash to a value of "*". Therefore login using
root's account directly is not possible. To say that there is "no
password for root" implies that passwordless login is possible; which
of course it isn't.
Carl, I'm not trying to single you out dude, just wanted to use the
opportunity to provide an object lesson in how passwords are handled
in Linux (and most Unix versions too). It's a trivial nit-pick of
wording, and I agree with the rest of your post. When I first started
using Ubuntu (having been a Unix admin since 1994 on Solaris/True64/HP-
UX/AIX...and Linux) I thought "no root login...WTF?!?!" - but I
thought I'd give it a chance anyway. Having got used to the whole
"sudo way", I can't see why people persist with setting a root
password on desktop systems etc. You want a root shell - "sudo -i".
You want to do something as root - "sudo <something>". You want to
run a GUI app as root - "gksudo <GUIapp>" or "kdesu <GUIapp>"...voila!
Who needs root anyway? On server machines with many admins, I've
always set the root password to be something long, completely random
(pwgen anyone?) and put it in an envelope in a locked box/safety
deposit box. Paranoia? No. Simply the idea that if a machine is
soooo broken that not even sudo works, you need a bloody good reason
for breaking out root - which usually means fessing up to senior
admins and/or management. Differnet horses for different courses.
Oh, and if you've got physical access to a box, then all bets are off.
ubuntu-users mailing list
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users