Re: How to gain control over the system?

To: debian-user@lists.debian.org
Subject: Re: How to gain control over the system?
From: RavenLX <ravenlx@sitesplace.net>
Date: Sun, 16 Jul 2017 09:42:46 -0400
Message-id: <[🔎] dd7355d5-2a31-77e8-c536-037b7b7d4e3c@sitesplace.net>
Reply-to: ravenlx@sitesplace.net
In-reply-to: <[🔎] 20170712132129.GB1380@tuxteam.de>
References: <[🔎] cff44248-2c0e-45a8-4056-92123448789a@telia.com> <[🔎] 17550820-1609-c817-e982-b422b155625e@gmail.com> <[🔎] 2c692a59-959b-14a9-8b37-cfcbc6de73e0@algonet.se> <[🔎] 03720e96-33e0-09c7-3571-df61cca76437@sitesplace.net> <[🔎] 20170712132129.GB1380@tuxteam.de>

On 07/12/2017 09:21 AM, tomas@tuxteam.de wrote:

[snip]

I've been following this back-and-forth for a while. Yes, I think it's
a good idea to use the root account as little as possible. Myself, I
use sudo in the overwhelming majority of cases.

But I learnt the hard way that sometimes it's a good idea to keep a
root account (with a corresponding password!) around.

When the system boots and the root file system is corrupt (or a
similar early-boot problem happens), you find yourself staring at
a message more or less looking like that:

  Please enter your root password to start a rescue shell:

(message is from memory, but you get the -uh- message).

This was shortly after Debian convinced me that having a root password
is The Evil Itself.

Duh.

I'm wiser now.

(Yah, there is a workaround for that: a rescue disk, and that's how
I got myself out of that, but hey).

I have only used a rescue disk once many years ago. That was because ofa failing hard drive. Got the data from it OK, thankfully.

Of course: no remote login as root (sshd_config). Use sudo in normal
life (it's more comfortable, anyway). All that. Use a hard-to-guess
root password (pwgen -n 16, for me).

But. A root password doesn't make your system more insecure (unless
it opens up one more remote access). And sometimes, just sometimes
you wish you had one :-)

I use a laptop but I've never needed to ssh into a laptop computer.Also, if you want to set up ssh, add ssh client and set up your user(sudo enabled) account and random obscure port in sshd config. Be sureto set it up so that it uses a key pair. Then you still won't need rootover ssh.

I'm not totally convinced that having a root account accessible 24/7 isa good idea, especially on portable systems that can also be accessedvia internet.

Reply to:

Follow-Ups:
- Re: How to gain control over the system?
  - From: <tomas@tuxteam.de>

References:
- How to gain control over the system?
  - From: Kaj Persson <70147persson@telia.com>
- Re: How to gain control over the system?
  - From: Jimmy Johnson <field.engineer@gmail.com>
- Re: How to gain control over the system?
  - From: Kaj Persson <kape_fin@algonet.se>
- Re: How to gain control over the system?
  - From: RavenLX <ravenlx@sitesplace.net>
- Re: How to gain control over the system?
  - From: <tomas@tuxteam.de>

Prev by Date: Thunderbird and OAuth
Next by Date: Re: moderncv class does not compile in Debian Stretch
Previous by thread: Re: How to gain control over the system?
Next by thread: Re: How to gain control over the system?
Index(es):
- Date
- Thread