root password and security

11 replies [Last post]
Jaret
Offline
Joined: 12/19/2018

https://help.ubuntu.com/community/RootSudo
Hello! I've read the RootSudo article, but I'm not quite understanding it well enough. Is it secure that root user has no password by default? Should I activate root account and give it a strong password for more security?

jxself
Offline
Joined: 09/13/2010

"Is it secure that root user has no password by default?"

Well, the root account is disabled by default so you can't even log in as root at all.

"Should I activate root account and give it a strong password for more security?"

I think that lowers the security, because then it becomes possible to log in as the root user.

Leave root alone (disabled so it's impossible to log in) and use sudo. This is the best practice.

Ignacio.Agullo
Offline
Joined: 09/29/2009

On 27/12/18 14:48, wrote:
> Leave root alone (disabled so it's impossible to log in) and use sudo.
> This is the best practice.

Good advice... except for Debian. :-D

--
Ignacio Agulló · name at domain

loldier
Offline
Joined: 02/17/2016

With Debian, root is optional.

https://wiki.debian.org/Root

Arch (GNU) Linux installs root by default, and the regular user is only created after the first boot. It used to be this way in Fedora, not anymore.

jxself
Offline
Joined: 09/13/2010

"Good advice... except for Debian. :-D"

If memory serves, running the installer in Expert mode results in a prompt about enabling the root user or not.

Jaret
Offline
Joined: 12/19/2018

But when I type "su" command, it asks for the root password which is different from my account's password. What is root password when root is disabled? A hash or something?
When the root account is disabled, does it have empty password?

loldier
Offline
Joined: 02/17/2016

There is no root password. Use sudo su instead.

Magic Banana

I am a member!

Online
Joined: 07/24/2010

There is no need for 'su'. To get a root terminal with 'sudo':
$ sudo -i
To keep most of the current environment (e.g., keep the current value of $HOME, do not 'source'/root/.profile, etc.), you may prefer:
$ sudo -s

loldier
Offline
Joined: 02/17/2016

With 'sudo -i' you get root's directory, using 'sudo su' you stay where you were when you typed that command.

jxself
Offline
Joined: 09/13/2010

That's why Banana also said: "To keep most of the current environment (e.g., keep the current value of $HOME, do not 'source'/root/.profile, etc.), you may prefer..."

loldier
Offline
Joined: 02/17/2016

That's why MBanana is a computer scientist, and I'm a layman. I must admit I failed to parse the sentence. Reading it again, it makes perfect sense.

monomono
Offline
Joined: 12/28/2018