[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to gain control over the system?



On 09-07-17, Anders Andersson wrote:
> On Sun, Jul 9, 2017 at 12:51 AM, Fungi4All <fungilife@protonmail.com> wrote:
> 
> > On Sat, 2017-07-08 at 23:57 +0200, Kaj Persson wrote:
> >
> > > But now I discovered an issue, I cannot manage my desktop. I have
> > > always at the previous installations, and they are quite many now, been
> > > advised to, for security reason, leave the root password unset, which
> > causes
> > > the root account go passive, and for all tasks where I need root
> > > authority I  go via su/sudo.
> >
> >
> > It is a bad idea despite of what security gurus may advise.  You may lose
> > your system
> > and never get it back.
> >
> 
> 
> It's an even worse idea to listen to people on the internet who ignore
> "security gurus" based on rumours. You can easily restore or change the
> root password if it's lost or unset.

Leaving root password unassigned for "security" reasons is silly.
Heaving, or not heaving root account assigned does not make your system
any more secure. For some things you do need root account. Those systems
that use sudo only approach ( read Ubuntu and derivates ) have sulogin
patched to allow single user mode, for example. And it is made so on
Ubuntu out of fear that new users attracted to Linux will mess up things
more if they have access to root account. Not that it stopped people to
be people and to mess things up equally successful with sudo account. As
for those "security gurus", who are they? Real gurus? Or just people
repeating what they've read somewhere with little to no understanding
what they've read?



Reply to: