no root password?
|
| Author | Content |
|---|---|
| tuxchick Jun 20, 2007 3:26 PM EDT |
"My little one has grown up. As much as it hurts, Linux no longer needs me to support non-geek users." Silly dad, it's easy. Just keep a secret root login and every so often break something. :D |
| mohan34u Jun 24, 2007 12:17 AM EDT |
Say to your daughter!! Happy journey with Ubuntu... and ask her to say "Ubuntu Rocks... " to her friends... |
| schestowitz Jun 24, 2007 5:01 AM EDT |
Ubuntu doesn't do the traditional root routine. It's all about sudo. Simplifications help. |
| dinotrac Jun 24, 2007 5:21 AM EDT |
>Ubuntu doesn't do the traditional root routine. It's all about sudo. Simplifications help. Easy to set one up, though, if you want to. |
| jdixon Jun 24, 2007 8:35 AM EDT |
> Easy to set one up, though, if you want to. Yeah, but I understand that breaks the sudo process in Ubuntu. When you sudo a command, Ubuntu expects your password, since root doesn't have one. If you set up a root account, it then expects root's password instead. Better to just set up a second user account on the machine, and use it to break things, since it will still have full sudo rights. |
| dinotrac Jun 24, 2007 8:37 AM EDT |
> it then expects root's password instead. Nope. Still takes yours. |
| jdixon Jun 24, 2007 9:16 AM EDT |
> Nope. Still takes yours. OK. "I was misinformed". :) |
| azerthoth Jun 24, 2007 10:20 AM EDT |
Easy enough anyway to modify rights 'visudo' to edit the file and change individuals so that their individual password is acceptable for administrative functions. |
| tqk Jun 24, 2007 11:19 AM EDT |
Quoting:Silly dad, it's easy. Just keep a secret root login and every so often break something. :D"Dad, how come logcheck is reporting root logins when I'm not even there, and root's .bash_history is full of misspellings you do all the time? And by the way, I've locked grub and BIOS down with passwords." Go ahead. Try to get her back now. :-P |
| techiem2 Jun 24, 2007 1:16 PM EDT |
Hardware bios reset -> change boot order -> boot livecd -> "fix" grub :) 'Course I'm sure a smart enough kiddo would think of something even harder to get around after that. (heh, hacker wars with your kid....) |
| mvermeer Jun 24, 2007 8:16 PM EDT |
This story, and this thread, made my morning :-) Thanks! |
| hkwint Jun 27, 2007 5:31 AM EDT |
Quoting:Easy enough anyway to modify rights 'visudo' to edit the file and change individuals so that their individual password is acceptable for administrative functions. Could also add your user to group 'wheel', normally does the trick. I'm to lazy to use 'visudo' anyway, I always use 'sudo nano /etc/sudoers'. Quoting:Course I'm sure a smart enough kiddo would think of something even harder to get around You can give grub a password, not? Also, the BIOS should have a password to disable changing the boot sequence, thereby disabling bypassing using a LiveCD. An encrypted partition (on top of an LVM container which in turn is on top of a software-RAID partition) would also help against bypassing, I used to recommend AES-i586 256 bit, but that seems outdated these days I recently read somewhere. Lastly, your case should have a lock to prevent people from resetting the BIOS by using a piece of Alu-foil (I once did this, because I was to lazy to find the soldering-iron). A lock might be a bit different to implement on a laptop however. |
| dinotrac Jun 27, 2007 6:33 AM EDT |
>thereby disabling bypassing using a LiveCD. Unless you yank the battery... I suppose, if one got really determined and had alone time with the box, one could slide in a "LiveCD" in the form of a hard drive and boot from it... At that point, however, we've gone way beyond normal physical security. If somebody can take your box apart, they can do anything. |
| techiem2 Jun 27, 2007 7:25 AM EDT |
Quoting:Unless you yank the battery... That's kinda what I meant by hardware bios reset (either that or the reset jumper if there is one) :) But yeah, as you said, Quoting:If somebody can take your box apart, they can do anything. No box is secure once you have physical access to it. And I assume even an encrypted volume isn't truly secure. There's probably something out there that could crack it. All ya need is time and the right tools. |
| jdixon Jun 27, 2007 7:30 AM EDT |
> All ya need is time and the right tools Yeah. And it doesn't take all that long to make a sector by sector copy of a hard drive, so the time needed with the original system isn't as long as some might think. |
| rijelkentaurus Jun 28, 2007 12:12 PM EDT |
Quoting: Better to just set up a second user account on the machine, and use it to break things, since it will still have full sudo rights. Only the first user is in the sudo group by default, so essentially the first user is an administrator. At least that's how it used to work. |
| dinotrac Jun 28, 2007 12:23 PM EDT |
>At least that's how it used to work. Still does, but you can designate any user as an administrator by checking a box in the user's dialog. So simple a MCSE could do it. Maybe. |
| Sander_Marechal Jun 28, 2007 2:04 PM EDT |
Quoting:So simple a MCSE could do it. Maybe. Definately not. He'd be asking where the Active Directory interface was. |
Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]
Becoming a member of LXer is easy and free. Join Us!