LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Question about "root" (https://www.linuxquestions.org/questions/linux-newbie-8/question-about-root-4175518506/)

OldNoob 09-13-2014 06:35 PM
Question about "root"
 
Can someone hack into my system using the passwrd "Root" even though i have changed my passwrd to something else?

Randicus Draco Albus 09-13-2014 06:41 PM
Not that I know of. Root's password is whatever you set it as. The icon displayed in your profile is Ubuntu. On that system logging into the root account is disabled, so this should be not be an issue. What is an issue is that Ubuntu uses sudo with unlimited root privilege, so if someone is going to hack into your system, they would use sudo to gain root privilege. If you are worried, set a good password.

jefro 09-13-2014 08:58 PM
Not sure how you got such a feeble password to begin with.

Security is a collection of things that tend to deter hackers. No one thing protects you.

ondoho 09-14-2014 06:39 AM
i've read somewhere that there's a security risk because every linux machine has a user called "root" - that would eliminate one step for someone who wants to hack into your system. they don't have to guess the user name.
but then, that's true for other operating systems as well, if they use "admin" or sth like that.

yes, a good password is very important.

some gnu/linux systems disallow usage of root account, maybe that's a good thing then.

Randicus Draco Albus 09-14-2014 07:14 AM
Quote:
Originally Posted by ondoho (Post 5237639)
some gnu/linux systems disallow usage of root account, maybe that's a good thing then.
Not when they configure sudo with unlimited root privilege. Thank you Mister Shuttleworth. :doh:

273 09-14-2014 07:17 AM
Quote:
Originally Posted by Randicus Draco Albus (Post 5237649)
Not when they configure sudo with unlimited root privilege. Thank you Mister Shuttleworth. :doh:
You should try Raspbian with passwordless unlimited sudo by default!

bstaletic 09-14-2014 09:30 AM
Quote:
Originally Posted by 273 (Post 5237651)
You should try Raspbian with passwordless unlimited sudo by default!
But that's the first thing you learn not to do running linux!

Joanmacat 09-14-2014 11:06 AM
I think to understand better the security policy in Linux it's interesting to know how to configure the sudoers file.

There you can configure the root privileges and especify what kind of commands do you want root will be enabled to execute. But personally I think this part is more important in a network environtment.

As Randicus Draco Albus said: Ubuntu have an unlimited root privileges set as default... and is good to configure the sudoers file.

If you want how to do that you can check this link :)

suicidaleggroll 09-14-2014 11:11 AM
Quote:
Originally Posted by ondoho (Post 5237639)
i've read somewhere that there's a security risk because every linux machine has a user called "root" - that would eliminate one step for someone who wants to hack into your system. they don't have to guess the user name.
The first thing anybody should do with a new Linux system is disable root ssh access, which makes it a non-issue.

Besides, if you look at the ssh logs for any publicly-accessible server, there are basically zero script kiddies trying to break in with the user name "root". 99.9% of the time they use "admin", "oracle", etc.

273 09-14-2014 11:25 AM
Quote:
Originally Posted by suicidaleggroll (Post 5237748)
The first thing anybody should do with a new Linux system is disable root ssh access, which makes it a non-issue.

Besides, if you look at the ssh logs for any publicly-accessible server, there are basically zero script kiddies trying to break in with the user name "root". 99.9% of the time they use "admin", "oracle", etc.
I wouldn't bet on that -- one of my VMs compromised by a script kiddy who ran a dictionary attack against the root account... ;)


All times are GMT -5. The time now is 09:46 PM.