[Novalug] Ubuntu recovery mode without password?

donjr djr1952@hotpop.com
Wed Mar 7 05:04:53 EST 2007


On Wed, 2007-03-07 at 01:19 -0500, D Rider wrote:
> While floundering with my naive knowledge (read: less than minimal) of
> Linux and Ubuntu I managed to screw up su access (sudo).  So
> thankfully I had the recovery option on my grub menu (Ubuntu 6.10).

Note 'sudo' and 'su' are two different programs by different developers
and camps that offer many of the same set of features.
  su - change user ID or become super-user has also been around a whole
lot longer.

> To my surprise it booted straight to a root prompt without my
> intervention with supplying a password.  It also gave me access to all
> files.  I'm not thrilled with that; what's the logic?

If you figure out the logic of that default setup then please do explain
it to me.

> http://www.psychocats.net/ubuntu/sudo mentions that I could have "set
> a root password in your installation".  Huh?  I don't remember that
> happening.

Interesting looking page, but I don't remember it asking me that
question either.

>   How do I do this?  And should I?  Pros/cons.
> 
> Thanks.

Pros:
  You gain security by requiring a password to enter Recovery mode.

Cons:
  You have to remember the password to recover the system.

Pro or Con:  { Depends on how you look at it }
  Once the password is set it now becomes possible for someone to log
into a text terminal <ctrl><Alt><F1> as 'root'.

  It becomes possible to use 'su -' to open a root shell.

  And if you edit/adjust the 'gdm' settings it also becomes possible to
run the X Windows System as 'root', NOT RECOMMENDED at all.

  If the 'ssh' daemon is running it MAY becomes possible to open a root
shell that way.
   ('MAY' as it also depends on how the sshd is configured.)

  ************
The way that I have gone about setting the root password are:
  At a administrator level shell prompt:
    $ sudo passwd root

  or by an interactive root shell:
    $ sudo -i

    #  passwd
    /\ The # character is the default root prompt character.
        /\ 'passwd' is the command-line way to set/change a password.

    #  exit
    $
    /\ Exit the interactive root shell and return to your default shell

Want to get real fancy it's possible to password protect grub also see:
<http://www.gnu.org/software/grub/manual/html_node/Security.html#Security>
"Protecting your computer from cracking"

PS:
  I'm real sorry about forgetting to include the '-a' option with my
'usermod' example.
   {-: That's what happen to your group(s) memberships,
      if you hadn't figured out what happened yet. :-}

--  
-- 
 Don E. Groves, Jr.



More information about the Novalug mailing list