root user

Johnny Rosenberg gurus.knugum at gmail.com
Sun Jan 1 16:47:18 UTC 2012 

2012/1/1 Chris Green <cl at isbd.net>:
> On Sun, Jan 01, 2012 at 11:05:49AM -0500, AV3 wrote:
>> On Jan/1/2012 6:5435 AM, Earthson wrote:
>> >root is disabled, and it does not have a passwd. if you really want to
>> >use "root", just set a passwd for it.
>> >
>> >command:
>> >
>>
>>
>> You can do this, but it is not a good idea. The major security
>> advantage of Unix OS's over Windows is afforded by their disabled
>> root accounts inaccessible to outside intruders. Keep it that way,
>> unless you have a truly compelling reason to risk your root
>> account's security for.
>>
> I have never quite followed this security reason for not enabling root.
>
> If someone guesses/finds the "sudo to root" user's password then they
> can get to do nasty root things just as easily as if the root account
> was enabled and they guess the root password.

I guess that a part of the security enhancement in sudo is that you
don't have to remember to logout from root privileges.

>
> To my mind the only major advantage of using sudo rather than having a
> root password is simply that it leaves an audit trail of who did what.
>
> A root password actually adds a little security if remote root login is
> not allowed, you have to know two passwords, one for a user login and
> one for a root login, to get root access.

I never fiddled much with other distributions than Ubuntu (although I
have tried a few out in other aspects), but if you have a root
password, isn't it possible to login to the root directly from the
login screen? In that case you still only need to know one password.
But maybe that isn't possible.

>
> However, having said all that, for *simplicity* then a user with sudo
> access does make support etc. much easier and on single user home Linux
> systems that is a major advantage.
>
> --
> Chris Green

 Personally I use sudo because I have never used anything else, so I
don't find it particularly complicated. The password lasts for maybe
15 minutes or so, so at least you don't have to enter your password
for every command. If I forget the sudo, and try to run a command as
user, I can always re-run it by typing ”sudo !!”, which means ”sudo
<last command>”.


Kind regards

Johnny Rosenberg
ジョニー・ローゼンバーグ

More information about the ubuntu-users mailing list