
#1 2014-04-07 02:48:05

ThePacman
Member
From: Classified
Registered: 2013-09-19
Posts: 127

No root password

I noticed that I can log on as root via getty without any password!

The root account was secured via passwd -d

I'm safe from SSH attacks (no root login AND no blank passwords), but this seems pretty serious nonetheless.
Does anyone know the proper way to secure the root account? I want to disable the root password completely, so that the only way to log in as root would be via something setuid such as sudo.


Fedora believes in "software freedom" - that is, restricting user software choices to those deemed appropriately licensed by The Powers That Be.
Arch believes in "freedom", as well - the user has control over his or her system and can do what he wants with it.
https://fedoraproject.org/wiki/Forbidden_items | https://wiki.archlinux.org/index.php/The_Arch_Way


#2 2014-04-07 02:55:15

progandy
Member
Registered: 2012-05-17
Posts: 5,251

Re: No root password

You'll have to use "passwd -l" to lock the account. getty allows login without a password if none is set. Or set a very long password with many special characters like

~Hy3D?kLKX:vchW[6_@DGf=pn_V$;$Tg3$TfXY##S$m5SUr$#9=.~gY8jKFZ@6)FW+y+4Z5G!cCSS?#$hk55@X^XgF8GKHMCq3L{RD`FxAWp>,s?#qV$(h`)TE"gPQdT

Last edited by progandy (2014-04-07 02:57:24)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
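
The two root states discussed in this thread, as an added example that is not part of any post: `passwd -d` leaves the password field in /etc/shadow empty (login with no password), while `passwd -l` prefixes the field with `!` so no password can match. The sample lines are constructed and the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify the password field (second colon-separated field)
# of shadow(5)-format lines to tell "no password" apart from "locked".

# classify_field FIELD -> prints empty | locked | nologin | hash
classify_field() {
    case "$1" in
        '')   echo empty ;;    # result of passwd -d: blank password is accepted
        '!'*) echo locked ;;   # result of passwd -l: "!" prepended to the field
        '*'*) echo nologin ;;  # account never had a usable password
        *)    echo hash ;;     # a password hash is set
    esac
}

# audit_shadow: read shadow-format lines on stdin, print "user state" per line
audit_shadow() {
    while IFS=: read -r user field _rest; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blanks and comments
        printf '%s %s\n' "$user" "$(classify_field "$field")"
    done
}

# state_of USER: read shadow-format lines on stdin, print that user's state
state_of() {
    audit_shadow | awk -v u="$1" '$1 == u { print $2 }'
}

# Constructed sample input (not real hashes): root as left by passwd -d,
# bob as left by passwd -l, alice with a normal password, daemon with "*".
SAMPLE='root::16167::::::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16167:0:99999:7:::
bob:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16167:0:99999:7:::
daemon:*:16167::::::'

printf '%s\n' "$SAMPLE" | audit_shadow
```

On a live system the same function can be fed the real file as root (`audit_shadow < /etc/shadow`); any account reported as `empty` can log in on a getty without a password.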


#3 2014-04-07 02:59:30

ThePacman
Member
From: Classified
Registered: 2013-09-19
Posts: 127

Re: No root password

progandy wrote:

You'll have to use "passwd -l" to lock the account. getty allows login without a password if none is set. Or set a very long password with many special characters like

~Hy3D?kLKX:vchW[6_@DGf=pn_V$;$Tg3$TfXY##S$m5SUr$#9=.~gY8jKFZ@6)FW+y+4Z5G!cCSS?#$hk55@X^XgF8GKHMCq3L{RD`FxAWp>,s?#qV$(h`)TE"gPQdT

Thank you.

One question: I just found the same solution on the wiki, but why does it say that Arch Linux is not fine-tuned to work with the root account locked? What problems might arise?



#4 2014-04-07 03:29:35

progandy
Member
Registered: 2012-05-17
Posts: 5,251

Re: No root password

ThePacman wrote:

One question: I just found the same solution on the wiki, but why does it say that Arch Linux is not fine-tuned to work with the root account locked? What problems might arise?

I never tried to lock it. But su requires you to enter a password, sudo is not automatically installed and its default configuration allows neither passwordless root access nor root access with your own password.
Edit: So if you don't take care, you'll lock yourself out, with only a boot CD to restore root access.

Last edited by progandy (2014-04-07 03:31:49)

