
Re: [OT] sudo: restrict to physical console only?



On Tue, Aug 04, 2020 at 10:24:16AM -0500, John Hasler wrote:
> tomas writes:
> > OTOH practice has shown: if you're doing sudo, you will have forgotten
> > your root password anyway when you need it (I have, it's some horrible
> > "pwgen -n 16" or something), and it's back to...
> 
> It should be written down somewhere secure.  Depending on your threat
> model this can be on a note taped to the inside of the machine, in your
> safe, or even in the notebook where you keep all your other passwords.

It's in a file on the encrypted hard disk. Now you may ask... ;-)

Yes, of course. It's in a backup, on an (also) encrypted medium. But all
those possibilities (the ones you mention no less) mean that "init=/bin/sh"
or rescue medium are less work (I haven't a safe).

This is the point I was trying to make: a password you don't use often
isn't that useful if there are perfectly viable alternatives. Thus, /if/
you are using sudo, root password loses much of its glamour. This is
something I learnt slowly.

Cheers
 - t
