just been on the phone to support team - root password

Hi, I don’t have access to my root password. This makes it impossible to download any new software.

The ‘Aspire One netbook’ which I purchased from PC World was customised when I bought it. It is a Linux model. If you know how I can gain access to my root password I would be much obliged.

Many thanks,
Peter

These instructions are for Linpus Lite on an Acer Aspire One, and will not work for (most?) other Linux distributions. … so don’t expect this to work in Ubuntu :slight_smile:


Open a terminal…
you can do this by hitting Alt+F2 and then typing terminal and clicking the Run button.

In the terminal, type:

sudo -su

at the $ command prompt and hit Enter.

Check the command prompt has changed to a # (hash) symbol.

Still in the terminal, type:

passwd

and hit Enter.

Enter a new root password (must be at least 6 letters/digits)… btw, you won’t see anything being entered, but it is.
Hit Enter.
When prompted, retype your password… hit enter.

Your new password is set.


I took days to find the password for the new
Ubuntu 10.10 - the Maverick Meerkat.
It is “sudo bash”

All that does is run the bash shell as root, using your password… effectively it’s no different to using sudo before a command, or using sudo su, sudo -s, or sudo -i to change to a persistent root shell… it is NOT a password, and will ONLY work if you are a member of the sudo group and already have admin rights… in which case there is no point, and it may even be considered bad practice, as a persistent root shell could be a security risk.

Stick to
sudo
much safer… and gaining root permissions in this way will time out after a while, and leave a log of authenticated commands for future reference.

If you DO open a shell as root, make sure you type:

exit

and hit enter when you are finished, to change back to a regular user.

If you were using a root shell to change a user’s password via passwd… what’s wrong with:

sudo passwd <username>

and if you were using it to unlock the root password… why?

What I’m saying is that in Ubuntu, “sudo bash” will NOT help you if you’ve forgotten your root (sudo) password… single user mode WILL help though.

Mark,

Are you able to explain/demonstrate the practicality of disabling the root password?
I recently returned to Linux after 10 years in the wilderness; a lot has changed, including how common it is for root passwords to be disabled.

I would have thought from a security perspective, the first targeted accounts would be a ‘normal user’ first as this is less likely to be noticed and from here they can then find ways to escalate their privileges or take over more powerful accounts.

Are there other advantages of removing the root password that I’m not seeing, besides just stopping a straight terminal login?

Thanks in advance,
Rob

Here is Ubuntu’s take on root vs sudo:
https://help.ubuntu.com/community/RootSudo

I wouldn’t say having a disabled root account is inherently safer, but its advantages are that the root account would probably be the first point of attack, being the only account that historically could be guaranteed to exist… beyond that it seems to be primarily aimed at stopping people getting lazy and logging on as root and staying there.

Also, escalations of privilege from regular user accounts are logged, so they could aid in detection/tracking.
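Added example, not posted by anyone in this thread: the two posts above lean on the fact that sudo leaves a log of who ran what as root, while a persistent root shell does not. The script below pulls that trail out of the auth log. It assumes the syslog line format that sudo writes on Debian/Ubuntu into /var/log/auth.log; the log lines embedded in it are constructed sample data, not a real capture.

```shell
#!/bin/sh
# Added example, not posted by anyone in this thread: pull the privilege
# escalation trail that sudo leaves in the auth log, so "who ran what as root"
# can be reviewed after the fact. Assumes the syslog line format sudo writes
# on Debian/Ubuntu into /var/log/auth.log. The lines below are CONSTRUCTED
# sample data, not a real capture.
SAMPLE_AUTH_LOG='Mar  3 10:01:12 host sudo:     rob : TTY=pts/0 ; PWD=/home/rob ; USER=root ; COMMAND=/usr/bin/passwd peter
Mar  3 10:01:12 host sudo: pam_unix(sudo:session): session opened for user root by rob(uid=0)
Mar  3 10:01:13 host sudo: pam_unix(sudo:session): session closed for user root
Mar  3 10:02:40 host sudo:     rob : TTY=pts/0 ; PWD=/home/rob ; USER=root ; COMMAND=/bin/bash
Mar  3 10:05:02 host sshd[2210]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 10:06:55 host sudo:    peter : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/peter ; USER=root ; COMMAND=/usr/bin/passwd'

# Every command sudo actually ran, one per line as "<invoking user> <command>".
# Reads the log on stdin. Field 6 is the invoking user (fields 1-5 are the
# timestamp, host and the literal "sudo:"); the command is whatever follows
# COMMAND=, including its arguments.
sudo_commands() {
    awk '/ sudo: / && /COMMAND=/ && !/NOT in sudoers/ {
            user = $6
            sub(/.*COMMAND=/, "")
            print user, $0
        }'
}

# Attempts by users who are not in sudoers (an early warning that a regular
# account is probing for more than it should have).
sudo_denials() {
    awk '/ sudo: / && /NOT in sudoers/ { print $6 }'
}

# Persistent root shells (sudo -s, sudo -i, sudo bash, sudo su). These are the
# entries worth a second look: sudo logs the shell itself, but nothing typed
# inside it, so the trail goes dark until the shell exits.
root_shells() {
    sudo_commands | awk '$2 ~ /\/(bash|sh|dash|zsh|su)$/'
}

# Run against the constructed sample; on a live system use
#   sudo_commands < /var/log/auth.log
printf '%s\n' "$SAMPLE_AUTH_LOG" | sudo_commands
printf '%s\n' "$SAMPLE_AUTH_LOG" | root_shells
printf '%s\n' "$SAMPLE_AUTH_LOG" | sudo_denials
```

Note what the sample shows: the passwd run by rob is fully recorded, but his `sudo bash` appears as a single COMMAND=/bin/bash line and everything he did inside that shell is invisible to the log, which is the practical reason to prefer `sudo <command>` over a persistent root shell.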

Much of Ubuntu’s argument is just a cover for saying that it thinks the average user isn’t capable of using ‘root’ safely.

The brute force attack argument has a little merit, but then again, anyone leaving port 22 open on their machine probably falls into the category of “shouldn’t be using ‘root’” anyway … :wink:
(hence argument is null and void)

Better (IMHO) approach than ‘disabling’ root:

a. Use a moderately secure root password, but nothing too long to type or too easy to forget
b. Ensure that remote users don’t have the chance to attempt to log in as root (or anybody else - unless you know who they are)

Methods for (b):

a. Limit port 22 based on static IPs
b. If you don’t have static IPs, implement a VPN, hence gain static IPs
c. Lock down all ports not in use using a firewall (I would recommend ‘firehol’)
d. Implement a failed login monitor to spot anything you’ve missed, something like ‘tripwire’, although this is probably a little out of date
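Added example, not posted by anyone in this thread: point (b) above is about making sure a remote user never gets the chance to attempt a login as root (or as anyone you have not named). The firewall and VPN side of that lives outside sshd, but the sshd side can be audited from the config file alone. The script below reads an sshd_config on stdin and flags the settings that matter; both configs embedded in it are constructed samples, not copied from a real host.

```shell
#!/bin/sh
# Added example, not posted by anyone in this thread: a quick audit of the
# sshd settings that decide whether a remote attacker even gets to attempt a
# root (or any) login. Reads an sshd_config on stdin and, like sshd itself,
# takes the first occurrence of each keyword in the global section (anything
# from the first Match block onwards is ignored here). The two configs below
# are CONSTRUCTED samples, not copied from a real host.
WEAK_SSHD_CONFIG='# constructed sample: permissive, stock-looking configuration
Port 22
PermitRootLogin yes
PasswordAuthentication yes
Subsystem sftp /usr/lib/openssh/sftp-server'

HARDENED_SSHD_CONFIG='# constructed sample: root cannot be attempted remotely, keys only,
# and only named accounts may log in at all
Port 22
PermitRootLogin no
PasswordAuthentication no
AllowUsers rob peter
Match Address 192.0.2.10
    PasswordAuthentication yes'

check_sshd_config() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments and blanks
        { key = tolower($1) }                             # keywords are case-insensitive
        key == "match" { in_match = 1 }
        in_match { next }
        !(key in val) { val[key] = tolower($2) }          # first occurrence wins
        END {
            weak = 0
            v = ("permitrootlogin" in val) ? val["permitrootlogin"] : "unset"
            if (v == "no" || v == "prohibit-password" || v == "without-password")
                print "OK:   PermitRootLogin " v
            else { print "WEAK: PermitRootLogin " v " (set PermitRootLogin no)"; weak++ }

            v = ("passwordauthentication" in val) ? val["passwordauthentication"] : "unset, defaults to yes"
            if (v == "no")
                print "OK:   PasswordAuthentication no"
            else { print "WEAK: PasswordAuthentication " v " (use keys, set PasswordAuthentication no)"; weak++ }

            if (("allowusers" in val) || ("allowgroups" in val))
                print "OK:   remote login limited by AllowUsers/AllowGroups"
            else { print "WEAK: no AllowUsers/AllowGroups (every local account can be tried remotely)"; weak++ }

            print "Summary: " weak " weak setting(s)"
        }'
}

# Number of WEAK findings, for scripting.
weak_count() {
    check_sshd_config | awk '/^WEAK:/ { n++ } END { print n + 0 }'
}

# Run against the samples; on a live host use
#   check_sshd_config < /etc/ssh/sshd_config
printf '%s\n' "$WEAK_SSHD_CONFIG" | check_sshd_config
printf '%s\n' "$HARDENED_SSHD_CONFIG" | check_sshd_config
```

With `PermitRootLogin no` the root account keeps its password for the console and for `su`, but a remote brute force against it cannot even start, which is the outcome the post is after without disabling root. The hardened sample also shows a Match block granting password logins only from one fixed address; the audit deliberately stops at Match, since per-address exceptions like that are exactly the kind of thing a reviewer should read by hand.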