[TriLUG] Ubuntu 12.04 root password reset

matt at noway2.thruhere.net
Mon Apr 30 10:29:24 EDT 2012


You are correct.  One of Ubuntu's distinguishing features is to lock the
root account and configure the primary user with sudo ALL.

In the case of the OP, the description reads like something buggered the
login of this primary user during an upgrade.  Consequently, access via a
root-privileged account is needed to reset this password.  It appears that
there are a couple of ways to go about getting it.

With regard to whether or not the root password should be locked, I find
myself of mixed opinions on this and see it both as an advantage and a
disadvantage.

On daily-use systems, e.g. my normal browsing laptop, it is fairly rare
for me to perform activities that require elevated privilege and using
sudo is simple enough.  When working on servers, especially when
performing any sort of configuration and installation, having to prefix
every stinking command with sudo becomes a royal PITA.  How many times
have you gone to modify a file in /etc only to see the "warning: read
only" pop up as soon as you make a modification?  It doesn't take too long
before the command 'sudo -i' gets executed to do away with this.

At the same time, root is, hands down, the most attacked user account and
disabling the account short-circuits this attack.  Similarly, from reading
on the security forums, I note that far too many wannabe admins refuse to
let go of direct or SSH login via root for all of their activities.

From a security standpoint, using an account with limited privileges as
your main account and then having a second account (with a strong
password) helps add an additional layer between a would-be intruder and
root privilege, that a single, primary, sudo account doesn't.  Of course,
it is beneficial to prevent SSH root login and require direct root access
to be from a physical console.

> On 30 April 2012 09:59, Brian McCullough <bdmc at bdmcc-us.com> wrote:
>> I also seem to remember that recent ( last year or more ) versions of
>> Ubuntu have no "root" password, but insist on you using "sudo" from your
>> own user account.
>>
>> Sure, once you are in sudo you can set a root password, but that isn't
>> the default.
>
> Ubuntu has always disabled the root account by default. I'm surprised
> more distros don't do the same.
>
> Jeremy
> --
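
An added example, not part of the original message: a small audit of the two settings the thread discusses, whether root's password is locked in the shadow file and whether sshd permits root login. The function names are hypothetical and the sample files in demo are constructed.

```shell
#!/bin/sh
# Added example: audit the two settings the thread discusses.
# File paths are arguments, so the checks also run on copies.

# root_locked SHADOW: exit 0 if root's password field starts with '!' or '*'
# (no usable hash), exit 1 if root has a hash, an empty field, or no entry.
root_locked() {
    awk -F: '$1 == "root" { found = 1; locked = ($2 ~ /^[!*]/) }
             END { if (found && locked) exit 0; exit 1 }' "$1"
}

# ssh_root_login CONFIG: print the global PermitRootLogin value, lower-cased.
# The first occurrence wins; scanning stops at the first Match block.
# Prints "unset" if absent. Assumption: "Keyword value" form, no Include files.
ssh_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# audit SHADOW CONFIG: print one line per check; exit 0 only if both pass.
audit() {
    status=0
    if root_locked "$1"; then echo "OK   root password is locked"
    else echo "WARN root has a usable or empty password"; status=1; fi
    case "$(ssh_root_login "$2")" in
        no) echo "OK   PermitRootLogin no" ;;
        *)  echo "WARN PermitRootLogin is not explicitly 'no'"; status=1 ;;
    esac
    return "$status"
}

# demo: run the audit on constructed sample files (not from a real system).
demo() {
    d=$(mktemp -d)
    printf 'root:!:15460:0:99999:7:::\n' > "$d/shadow"
    printf 'Port 22\nPermitRootLogin yes\n' > "$d/sshd_config"
    audit "$d/shadow" "$d/sshd_config" && result=0 || result=$?
    rm -rf "$d"
    return "$result"
}

# With two arguments audit those files, otherwise run the demo.
if [ "$#" -eq 2 ]; then audit "$1" "$2"; else demo || true; fi
```

On a live system the call would be audit /etc/shadow /etc/ssh/sshd_config, and reading /etc/shadow itself needs root privilege.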



