Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello,
I am a newbie. I have two problems one with the root user and one with vnc.
I am using mandrake 10.1
root problem.
I want to login as root. So I logout as me, get a GUI login prompt and type root (all lower case) and the password. It returns with make sure you are typing the user name and password correctly etc...
So I logged back in as me and then tried to run something which required root permissions. It asked me for the password of root and I typed it in exactly the same as before and it worked. I also checked in the user administration to see if "root" was "Root" or "ROOT" but it is not. It's just plain old "root". I changed the password of root to "password" (all lower case) I logged off and tried again but I still get the same problem saying I typed the username or password incorrect.
I was running in secure mode and thought that was the problem but after a reboot and running linux in "linux" mode instead of "linux secure" I still get the same problem. I have checked and double checked that capslock is not on etc..
Any Ideas
VNC problem
I can vnc to my windows machine from my linux machine no problem. but when I try from the windows to linux it get the message "Server closed connection unexpectedly". I have run the vncserver on the linux machine. In windows I am using the ip address (which is correct and I have checked it) with the process number so it looks like this 10.10.10.35:1 what am I doing wrong. I am running the vncserver as myself. should it be as root.
Any Ideas
Cheers Yesterdays
Last edited by yesterdays; 02-08-2005 at 06:02 AM.
First try su command and see if you can login that way to root from a normal user. Then check the /etc/passwd file to see if root line has anything strange with it.
then try to login as root from the console: press ALT+CTRL+F1 and login.
First try su command and see if you can login that way to root from a normal user. Then check the /etc/passwd file to see if root line has anything strange with it.
Hi
I tried the su command and that works fine I can access the root folder etc.. I checked the passwd file and it looked fine here is the line "root:x:0:0:root:/root:/bin/bash"
any ideas?
If you can su but not log in, perhaps root login is disabled. Very often root login is disabled on the GUI, and sometimes (rarely) consoles as well. I believe /etc/securetty is the configuration file for this.
Originally posted by yesterdays Hello,
I am a newbie.
Welcome to Linux! You'll find that once you get all of your hardware working (can't in my case, ATI AiW 8500DV and ATI Radeon 7500PCI in Xinerama mode - no TV tuner possible in this configuration) you won't be going back to Windows.
Quote:
"Root" or "ROOT" but it is not. It's just plain old "root". I changed the password of root to "password" (all lower case) I logged off and tried again but I still get the same problem saying I typed the username or password incorrect.
This goes without saying, but I'll say it anyhow: If your computer is connected to the Internet (or any public network) in ANY way, be it dialup, broadband, or T-1, never, never, never, NEVER give root a simple password. I'm a fan of taking multiple words from multiple languages, concatenating them together, and putting punctuation or numerals into the mix - not between the words, but IN the chosen words. I also recommend disabling the 8-character limit on passwords if that "feature" is enabled on your system - security is more important than backwards compatibility in this case.
I believe Matir posted what you're looking for, BTW - you may need to dig a little because some distributions rename or even move otherwise-standard configuration files - I am unfamiliar with Mandrake so I can't tell you where they actually put the real file, but that setting is very likely the cause of your problem.
KimVette what is the point of your post. It doesn't help at all. I know what to do with passwords etc..
My machine isn't directly on the internet it is running through a PAT configuration. so even if the password is password it would be OK(to a point).
I know you think you were helping but it sounded like you were lecturing about the rights and wrongs about passwords to make yourself sound more important. A little ego trip.:P
What would have been great is if that paragraph you wrote on passwords was instead on helping me solve my problem.:P
Well, despite the flamewar with KimVette, I'm still willing to help newbies. I believe KimVette's point was that you DID mention you were new to linux. Not all "newbies" are well versed in security. I do not believe it was meant as an insult, but rather it was just an attempt to help you. With that, I do believe I have a solution for you.
If /etc/securetty is emtpy, then root cannot log in ANYWHERE. It must contain a line for each console on which you want root to log in on. A default one often contains:
Sorry for the long post, but that's what it is. If your distro has moved the securetty location, you'll need to find it first. man 5 securetty may help.
Hey thats great thanks Matir,
I haven't done anything yet but I will look at that tomorrow.
and KimVette If I hurt your feelings I'm sorry OK. I deal with a lot of people that say quotes like you said, making out like they wrote the book on linux but instead they have only read up to chapter 3 on "Linux for Dummies". I suppose I get pead off with it.
No offence meant lets be friends
You know what is funny is when people call other people "Jackass" It's about insulting as you poking me in my arm!!
what do all the lines stand for in the /etc/securetty?
thanks for the help
yesterdays
its been a while since ive installed mandrake but.. (BTW this might be SuSe im talking about :s)
i had the exact same problem then noticed that when you install it asks for a security user
root will not work, you should use the name you gave as the security user
Each line stands for one virtual console. Have you ever hit alt-1, alt-2, alt-3 to switch between the different "virtual screens" (really called "Virtual Consoles) in Linux? By enabling each tty to allow the root user, you are allowing root to log in on that virtual console.
You may consider this feature to be a little complicated since the days of dumb serial terminals (like the VT120, etc.) are in the past, but it's still very much alive in a virtual sense, and in kiosk environments with thin clients. By keeping root restricted such that it must first be explicitly allowed to log in from a terminal (whether real or virtual), it is keeping the box secured.
BTW if you have a modem on your box, and it is connected to the telephone line, and it's configured to automatically answer the line, you want to disable these:
tts/0
ttyS0
BTW If I were trying to insult you I wouldn't have said you were being a jackass, but that you're acting like a dateless pimple-faced 17-year-old - but I didn't say that now, did I? ( I couldn't resist, please don't take offense. I'm only kidding around.)
Hey,
Thanks for all the help. I'm hearing bells ringing I remember something about a security user in the installation. I will try that. I am going to add the lines to /etc/securetty as well and I'll let you know.
I think I will be posting more questions on this site I like the banter!
I like this quote! Now thats an insult!
Quote:
you're acting like a dateless pimple-faced 17-year-old
If you are using gdm to login you can enable root logins in gdm.conf. I believe you would change AllowRoot=false to true. It's been awhile since I wanted root to login through the gui so this could be wrong.
Originally posted by yesterdays That file has nothing in it?
is it the right file?
cheers yesterdays
The file tell which terminals that the root are allowed to login from. In your case none.
You can add entries in that file to be able to log in directly as root.
Not allowing root to login directly is advisable, you can still change user, using the su - command.
By doing so an attacker would first have to find a valid username on the system, crack the password for that user and then try to crack the root password.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.