no root password?

Story: Ubuntu'd, you're getting a DellTotal Replies: 17
Author Content
tuxchick

Jun 20, 2007
2:26 PM EST 		"My little one has grown up. As much as it hurts, Linux no longer needs me to support non-geek users."

Silly dad, it's easy. Just keep a secret root login and every so often break something. :D
mohan34u

Jun 23, 2007
11:17 PM EST 		Say to your daughter!! Happy journey with Ubuntu... and ask her to say "Ubuntu Rocks... " to her friends...
schestowitz

Jun 24, 2007
4:01 AM EST 		Ubuntu doesn't do the traditional root routine. It's all about sudo. Simplifications help.
dinotrac

Jun 24, 2007
4:21 AM EST 		>Ubuntu doesn't do the traditional root routine. It's all about sudo. Simplifications help.

Easy to set one up, though, if you want to.
jdixon

Jun 24, 2007
7:35 AM EST 		> Easy to set one up, though, if you want to.

Yeah, but I understand that breaks the sudo process in Ubuntu. When you sudo a command, Ubuntu expects your password, since root doesn't have one. If you set up a root account, it then expects root's password instead.

Better to just set up a second user account on the machine, and use it to break things, since it will still have full sudo rights.
dinotrac

Jun 24, 2007
7:37 AM EST 		> it then expects root's password instead.

Nope. Still takes yours.
jdixon

Jun 24, 2007
8:16 AM EST 		> Nope. Still takes yours.

OK. "I was misinformed". :)
azerthoth

Jun 24, 2007
9:20 AM EST 		Easy enough anyway to modify rights 'visudo' to edit the file and change individuals so that their individual password is acceptable for administrative functions.
tqk

Jun 24, 2007
10:19 AM EST
Quoted:
Silly dad, it's easy. Just keep a secret root login and every so often break something. :D

"Dad, how come logcheck is reporting root logins when I'm not even there, and root's .bash_history is full of misspellings you do all the time? And by the way, I've locked grub and BIOS down with passwords."

Go ahead. Try to get her back now. :-P
techiem2

Jun 24, 2007
12:16 PM EST 		Hardware bios reset -> change boot order -> boot livecd -> "fix" grub

:)

'Course I'm sure a smart enough kiddo would think of something even harder to get around after that.
(heh, hacker wars with your kid....)
mvermeer

Jun 24, 2007
7:16 PM EST 		This story, and this thread, made my morning :-)

Thanks!
hkwint

Jun 27, 2007
4:31 AM EST
Quoted:
Easy enough anyway to modify rights 'visudo' to edit the file and change individuals so that their individual password is acceptable for administrative functions.


Could also add your user to group 'wheel', normally does the trick. I'm to lazy to use 'visudo' anyway, I always use 'sudo nano /etc/sudoers'.

Quoted:
Course I'm sure a smart enough kiddo would think of something even harder to get around


You can give grub a password, not? Also, the BIOS should have a password to disable changing the boot sequence, thereby disabling bypassing using a LiveCD. An encrypted partition (on top of an LVM container which in turn is on top of a software-RAID partition) would also help against bypassing, I used to recommend AES-i586 256 bit, but that seems outdated these days I recently read somewhere. Lastly, your case should have a lock to prevent people from resetting the BIOS by using a piece of Alu-foil (I once did this, because I was to lazy to find the soldering-iron). A lock might be a bit different to implement on a laptop however.
dinotrac

Jun 27, 2007
5:33 AM EST 		>thereby disabling bypassing using a LiveCD.

Unless you yank the battery...

I suppose, if one got really determined and had alone time with the box, one could slide in a "LiveCD" in the form of a hard drive and boot from it...

At that point, however, we've gone way beyond normal physical security. If somebody can take your box apart, they can do anything.
techiem2

Jun 27, 2007
6:25 AM EST
Quoted:
Unless you yank the battery...


That's kinda what I meant by hardware bios reset (either that or the reset jumper if there is one)
:)

But yeah, as you said,

Quoted:
If somebody can take your box apart, they can do anything.


No box is secure once you have physical access to it.
And I assume even an encrypted volume isn't truly secure.
There's probably something out there that could crack it.
All ya need is time and the right tools.
jdixon

Jun 27, 2007
6:30 AM EST 		> All ya need is time and the right tools

Yeah. And it doesn't take all that long to make a sector by sector copy of a hard drive, so the time needed with the original system isn't as long as some might think.
rijelkentaurus

Jun 28, 2007
11:12 AM EST
Quoted:

Better to just set up a second user account on the machine, and use it to break things, since it will still have full sudo rights.


Only the first user is in the sudo group by default, so essentially the first user is an administrator. At least that's how it used to work.
dinotrac

Jun 28, 2007
11:23 AM EST 		>At least that's how it used to work.

Still does, but you can designate any user as an administrator by checking a box in the user's dialog. So simple a MCSE could do it. Maybe.
Sander_Marechal

Jun 28, 2007
1:04 PM EST
Quoted:
So simple a MCSE could do it. Maybe.


Definately not. He'd be asking where the Active Directory interface was.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!