Logging in as Root
 

I know I have been told not to do it.

I want to know if you create two user root and you normal user do you need to give two different password?

Thanks

UPDATE: Could you have a file manager to be able to open it as root (Like Thunar) I think I will make things easier to administrate and anything you move or open it will open it as root.

One Password, Multiple Accounts
 

You can use the same password for multiple user accounts, even root.

On some development systems I create several accounts and use the same password for ALL of the accounts. Security is not an issue and I'm the only one using the system. It makes it simple for me.

It is considered safest to always use an account with "user" privileges. Then, when you need to do something "out-of-the-ordinary", you acquire root for that task only and then relinquish it as soon as you can. Nowadays the best technique for this is to use the sudoers file and sudo-capability.

For your second question, you can run any application (even X-windows app) from your normal account as "su -c the_app_name" from a terminal session, or more graphically via gksu. I think there is also a gksudo too.

Whoever told you that is being silly. Routine root access is normal in any 'nix system. Sure, think and read twice before pressing Enter, just like carpenters live by the adage "measure twice, cut once." :)

I use the root account often. Sometimes with su, sometimes with su -, sometimes with sudo, and sometimes through the sudoers list. I run a home network. My normal account and root account passwords are the same.

That said, if you use a portable computer, then having different passwords is a reasonable idea. Security is often a compromise between convenience and protection.

Desktops like Xfce, KDE, Trinity, etc., provide their own mechanism to open file managers and other apps directly as root. So doing that is not a major problem. :) KDE is kdesu, Trinity is tdesu, I don't know the Xfce way. If you want to use a console file manager, such as midnight commander, use the 'su -' command to ensure the root account uses root environment variables and not user variables.

That simply is not a (security) best practice. Before you counter that you think that what you do in your LAN is your problem alone please be aware that once a machine is part of a public network it has the potential to become everyones problem.

loging into the GUI at root is normally not a good idea
x11 is not secure

however sometimes it might be needed
-- however !!!
starting as a normal user and THEN in the terminal becoming root is preferred
now on all my systems a CAN login as root at boot
-- but I very very rarely do that

at time of install i do login as root
to set the root gui theme to something hideous
an "eye sore" like "high contrast"

that way i KNOW very fast that i am running some gui tool as root

also i make sure that the /root/.bashrc has PS1 set to be RED

that way i KNOW rather fast that i am root in the terminal
two root users ?
not a good idea

set up "sudo" and ONLY give that other person the permissions that they NEED and ONLY what they need .


on my mostly single user system ( some other people use it sometimes)
my "normal" user password is rather easy
BUT
the root pass is NOT
it is a 16 character string that I memorized

Best practice? Maybe, maybe not. Sane? For me, yes. For others? Some yes, for some, no.

All of my systems run an iptables firewall. All systems are behind a Linksys router running DD-WRT with all services disabled, which is behind a VOIP router, which is behind an ISP CPE that is encrypted with all ports disabled. All of which are on different subnets. Potential for intrusion? Sure. Likely? No. Anybody who bangs through all of those layers has far more skills that I can stop with a simple password. Exactly how is this "everyone's problem"?

Ogres are like onions. They have layers. :D (From the movie Shrek.)

I think the chance that an infected (or taken-over) machine can then be used as a springboard for other activities, like distributed denial-of-service (DDOS), or email spam or the like is the concern. A weak machine (easy password) is a gift to some really nasty people in this "Wild-west" internet world.

Or simply has written an exploit for your favorite browser, chat software or whatever services you use that are communicating with the net.

Point taken. But the subject is password security.

Even if someone were to compromise your user's account, sharing the same password would offer no advantage in gaining root access than using different passwords.

Except that sharing the same password is anticipated, and said password will probably be the first one the attacker tries to use.

Need to? No.

Good idea? For sure.

Except that the attacker has no way of determining the user's password. He could change it, but that would not change the root account's.

You don't need to log on to root. It is a poor practice to use. Learn proper ways.

Modern distro's allow you to either use sudo or launch apps as superuser.

Root is a generic name for admin or superuser. It could be that many users have root access or full control or superuser account privileges. Not really a good reason to do that. Use least privileges needed to do tasks.