root password
in [Setup]
|
From: Arno on 7 Jul 2010 10:22 jny0 <jny0(a)hotmail.com> wrote: > I'm installing fedora12. I run the CD, which gives me the option to > log-in as liver system user. I then lick on the Install to Hard Drive > icon, which begins the installation procedure. After setting up a > couple of settings (location, etc) I'm asked to enter a root > password. I enter it, and continue the installation. Oncompletion, I > restart the computer, and am prompted to set up a user account. I > then log in with the user account, as this is the only option > available. When I then try to login as root (through a terminal), I > keep being told that there's authentication failure. I know the > password is correct, and have gone though this process many time now. > Any ideas? Some people think that log-in as root is a security risk. I have been active in the security field for quite some time, and I still do not follow the reasoning behind this. In fact, it strikes me as the wrong thing to do, because at least I am far more careful with my root accounts than with the user accounts and to create that mind-set reliably, I need an original root log-in. I also believe allowing ssh remote root log-in causes less risk than denying it and going the su way. That said, Fedore12 does not agree and forces you to log in as user and then do a su. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno(a)wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
From: The Natural Philosopher on 7 Jul 2010 12:13 Arno wrote: > jny0 <jny0(a)hotmail.com> wrote: >> I'm installing fedora12. I run the CD, which gives me the option to >> log-in as liver system user. I then lick on the Install to Hard Drive >> icon, which begins the installation procedure. After setting up a >> couple of settings (location, etc) I'm asked to enter a root >> password. I enter it, and continue the installation. Oncompletion, I >> restart the computer, and am prompted to set up a user account. I >> then log in with the user account, as this is the only option >> available. When I then try to login as root (through a terminal), I >> keep being told that there's authentication failure. I know the >> password is correct, and have gone though this process many time now. >> Any ideas? > > Some people think that log-in as root is a security risk. > > I have been active in the security field for quite some time, > and I still do not follow the reasoning behind this. In fact, > it strikes me as the wrong thing to do, because at least I > am far more careful with my root accounts than with the > user accounts and to create that mind-set reliably, I need > an original root log-in. I also believe allowing ssh > remote root log-in causes less risk than denying it and > going the su way. > > That said, Fedore12 does not agree and forces you to > log in as user and then do a su. > > Arno I think the reasoning is that typouing su <command> is less likely to destroy a system than someone who forgets they are root and types something deeply destructive like rm -r * whilst in /etc when they thought they were in /home/user/myjunk
From: Doug Freyburger on 7 Jul 2010 17:03 The Natural Philosopher wrote: > Arno wrote: > >> Some people think that log-in as root is a security risk. >> >> I have been active in the security field for quite some time, >> and I still do not follow the reasoning behind this. In fact, >> it strikes me as the wrong thing to do, because at least I One reason is the encryption used during login sessions is stronger than the encryption used to establish sessions. If you want to snif a network and crack it you're more able to do so at the point of the weaker encrypton. It turns out this is a very weak argument. Most cracks are done using bugs in programs than by cracking passwords. Sniffing password is the *result* of cracking not the method of cracking much of the time. >> am far more careful with my root accounts than with the >> user accounts and to create that mind-set reliably, I need >> an original root log-in. I also believe allowing ssh >> remote root log-in causes less risk than denying it and >> going the su way. >> >> That said, Fedore12 does not agree and forces you to >> log in as user and then do a su. > > I think the reasoning is that typouing su <command> is less likely to > destroy a system than someone who forgets they are root and types > something deeply destructive like rm -r * whilst in /etc when they > thought they were in /home/user/myjunk It's a valid disagreement. I wonder if Arno's security work makes him more cautious with a root session. I've seen a lot of folks login as root because that's how they login and they damage their hosts all the time. I've seen folks specifically chose to login as root as Arno describes and do just fine. But like NP I have ended up prefering the su route. For that matter doing sudo a command at a time when root is absolutely needed is even more careful and less likely to damage the system. It's also a pain in the butt to handle directories that have resticted permissions.
From: Nico Kadel-Garcia on 7 Jul 2010 20:15 On Jul 7, 5:03 pm, Doug Freyburger <dfrey...(a)yahoo.com> wrote: > The Natural Philosopher wrote: > > Arno wrote: > > >> Some people think that log-in as root is a security risk. > > >> I have been active in the security field for quite some time, > >> and I still do not follow the reasoning behind this. In fact, > >> it strikes me as the wrong thing to do, because at least I > > One reason is the encryption used during login sessions is stronger than > the encryption used to establish sessions. If you want to snif a > network and crack it you're more able to do so at the point of the > weaker encrypton. > > It turns out this is a very weak argument. Most cracks are done using > bugs in programs than by cracking passwords. Sniffing password is the > *result* of cracking not the method of cracking much of the time. > > >> am far more careful with my root accounts than with the > >> user accounts and to create that mind-set reliably, I need > >> an original root log-in. I also believe allowing ssh > >> remote root log-in causes less risk than denying it and > >> going the su way. > > >> That said, Fedore12 does not agree and forces you to > >> log in as user and then do a su. > > > I think the reasoning is that typouing su <command> is less likely to > > destroy a system than someone who forgets they are root and types > > something deeply destructive like rm -r * whilst in /etc when they > > thought they were in /home/user/myjunk > > It's a valid disagreement. I wonder if Arno's security work makes him > more cautious with a root session. I've seen a lot of folks login as > root because that's how they login and they damage their hosts all the > time. I've seen folks specifically chose to login as root as Arno > describes and do just fine. But like NP I have ended up prefering the > su route. For that matter doing sudo a command at a time when root is > absolutely needed is even more careful and less likely to damage the > system. It's also a pain in the butt to handle directories that have > resticted permissions. It's like unloading a gun before handing it to someone else. It forces people to take an extra step, one they have to think about, before using a very powerful and hazardous tool.
From: Matt Giwer on 8 Jul 2010 03:18
On 07/05/2010 10:55 AM, jny0 wrote: > I'm installing fedora12. I run the CD, which gives me the option to > log-in as liver system user. I then lick on the Install to Hard Drive > icon, which begins the installation procedure. After setting up a > couple of settings (location, etc) I'm asked to enter a root > password. I enter it, and continue the installation. Oncompletion, I > restart the computer, and am prompted to set up a user account. I > then log in with the user account, as this is the only option > available. When I then try to login as root (through a terminal), I > keep being told that there's authentication failure. I know the > password is correct, and have gone though this process many time now. > Any ideas? Remote login as root is a bad idea for security reasons. It is also a bad idea for a distribution to prevent people from doing dumb things. Ignore it and su? -- The Jews should stay where they are. It is the Palestinians who should go back to where they came from. -- The Iron Webmaster, 4280 http://www.giwersworld.org/antisem/ Antisemitism a10 Thu Jul 8 03:17:32 EDT 2010 |