
Re: [root user] How to disable root account?



On Fri, Nov 25, 2005 at 01:33:34PM +0200, Maxim Vexler wrote:
> On 11/25/05, Robert Brockway <rbrockway@opentrend.net> wrote:
> > Anyone wanting to lock the root account (not a good idea IMHO) should have
> > a root enabled session (sudo, su or whatever) put to the side and not
> > touched during the procedure.  This session would be used only to reverse
> > the procedure if it was found that establishing superuser privs was no
> > longer possible in new sessions.
> 
> In the worst case, couldn't someone just boot from a livecd, run
> [passwd root], then [cat /etc/shadow | grep root] on the livecd and
> finally simply copy that entry into the locked out system shadow
> file?

That's doing it the hard way.  Just pass "init=/bin/sh rw" to the kernel
with your bootloader, and do:
# passwd root
# mount -o ro,remount / && reboot

If your bootloader has a password and you've lost that, you can use a
boot disk, but you still shouldn't muck around with the passwd & shadow
files directly, probably ever.  Just mount the root filesystem and
chroot /mnt passwd (or visudo) as root.


