Can one set one's own password for root?
in [Linux Help]
|
Prev: [SOLVED] I need a linux distribution with a specific bug fixed inthe kernel
Next: A newbie question for GNU toolchain
From: RodMcKay on 7 Dec 2009 14:35 In all the trialing I've been doing, going to root is as easy as typing in root so far in the terminal (in the LiveCDs). To have even better security, can you set a password for root so that nothing is done by any program, etc., without that one specific password? In other words, can the generic password of root, or whatever it is (I'm going by memory here) still be used even if you've set a password - which I'm assuming can be set when installing Linux? I just thought that would be a great thing and I'm sure it's possible, it's just good to check with the experts when trying out something new. thx.
From: ray on 7 Dec 2009 15:00 On Mon, 07 Dec 2009 14:35:37 -0500, RodMcKay wrote: > In all the trialing I've been doing, going to root is as easy as typing > in root so far in the terminal (in the LiveCDs). To have even better > security, can you set a password for root so that nothing is done by any > program, etc., without that one specific password? In other words, can > the generic password of root, or whatever it is (I'm going by memory > here) still be used even if you've set a password - which I'm assuming > can be set when installing Linux? > > I just thought that would be a great thing and I'm sure it's possible, > it's just good to check with the experts when trying out something new. > thx. It is generally set up that way when you install. Some installations do not have a root password set and that account is not accessible. In such cases 'sudo' is set up to grant specific privileges to certain users. Ubuntu is an example.
From: Stefan Patric on 7 Dec 2009 15:17 On Mon, 07 Dec 2009 14:35:37 -0500, RodMcKay wrote: > In all the trialing I've been doing, going to root is as easy as typing > in root so far in the terminal (in the LiveCDs). To have even better > security, can you set a password for root so that nothing is done by any > program, etc., without that one specific password? In other words, can > the generic password of root, or whatever it is (I'm going by memory > here) still be used even if you've set a password - which I'm assuming > can be set when installing Linux? > > I just thought that would be a great thing and I'm sure it's possible, > it's just good to check with the experts when trying out something new. > thx. Yes. When you initially install a distro, it will ask you to enter the root password. If you've already installed and want to change the root password, you can, but you have to be root to do it. man passwd for more info. As far as changing one's own user password, some distros permit this; others allow only root or a superuser to change passwords. If you change the root password for a LiveCD distro running as a LiveCD, that is, it's not installed on the hard drive, the "generic" password is no longer valid. However, this situation will only last for that session. When you reboot the LiveCD all the changes you've made disappear, and the original root password and settings return. However, there are a couple of Live distros, that permit saving changes on the hard drive. So, that a new LiveCD session "remembers" what you changed, added, etc. If I understand you correctly, you want to be able to password protect an individual app's access to the system or restrict its use to only certain users. Yes. This can be done. Check out SELinux, if you're really security paranoid. Here's a basic overview: http://en.wikipedia.org/wiki/Security-Enhanced_Linux Stef
From: Whiskers on 7 Dec 2009 15:16 On 2009-12-07, RodMcKay <NoJunkMail(a)No.com> wrote: > In all the trialing I've been doing, going to root is as easy as > typing in root so far in the terminal (in the LiveCDs). To have even > better security, can you set a password for root so that nothing is > done by any program, etc., without that one specific password? In > other words, can the generic password of root, or whatever it is (I'm > going by memory here) still be used even if you've set a password - > which I'm assuming can be set when installing Linux? > > I just thought that would be a great thing and I'm sure it's possible, > it's just good to check with the experts when trying out something > new. thx. It's usually considered essential to set a password for 'root' - and to not use root for doing anything unless you can't do it as a more restricted user. Each human user should have their own username and password, with no more than 'normal' privileges. 'LiveCD' systems tend to be 'everything as root' with no possibility of setting up normal users, but since the software is only on removable media, and probably 'read only', the security implications aren't so bad. -- -- ^^^^^^^^^^ -- Whiskers -- ~~~~~~~~~~
From: unruh on 7 Dec 2009 17:23
On 2009-12-07, RodMcKay <NoJunkMail(a)No.com> wrote: > In all the trialing I've been doing, going to root is as easy as > typing in root so far in the terminal (in the LiveCDs). To have even > better security, can you set a password for root so that nothing is > done by any program, etc., without that one specific password? In > other words, can the generic password of root, or whatever it is (I'm > going by memory here) still be used even if you've set a password - > which I'm assuming can be set when installing Linux? Not at all sure what you mean, but: a) root can only have one password ( although you can set up root aliases -- ie usernames like altroot which also have uid=0 but different passwords). b) You should NOT be running things as root. Log in as a user and run things that way. Far far safer. doing things as root is dangerous. It is like repairing live wiring in your house with bare hands. > > I just thought that would be a great thing and I'm sure it's possible, > it's just good to check with the experts when trying out something > new. thx. > |