FS#13203 - root password when system fail to normal bootup

Attached to Project: Arch Linux
Opened by Ivan Yurasov (vanDake) - Wednesday, 11 February 2009, 14:58 GMT
Last edited by Aaron Griffin (phrakture) - Tuesday, 17 February 2009, 23:50 GMT
Task Type Bug Report
Category System
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version None
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

I have installed sudo, so I disable root account by adding "nopass" to root in /etc/shadow
I'm still allowed to do any administrations task.
But yesterday at new boot my computer fail to complete fs-check, and ask me for root password (stop at ramfs stage)
so I can't login and all that I can do it's press control-D to reboot
and I returned to ask root password (same ramfs stage)
to resolve it I need bootup from livecd, mount rootfs, chroot on it, and change root password by passwd root

I think, this situation may be on non-unique

My suggestion is:
if check root password fail, then ask password of user with uid 1000
on the most systems it the same person with root
This task depends upon

Closed by  Aaron Griffin (phrakture)
Tuesday, 17 February 2009, 23:50 GMT
Reason for closing:  Won't implement
Comment by Jan de Groot (JGC) - Wednesday, 11 February 2009, 15:04 GMT
I wonder why everyone wants to disable the root account now that Ubuntu uses sudo by default. Disabling the root account is braindead and not default in archlinux, so I'm not thinking about "fixing" this "issue". Maybe other devs want to take a shot at this, but I don't see reason to support something that isn't native to our distribution.
Comment by Aaron Griffin (phrakture) - Wednesday, 11 February 2009, 16:19 GMT
I agree with Jan here - disabling the root account is stupid.
Take a look at what inittab does when you boot into 'S' or 'single' mode: it runs /sbin/sulogin. Read the man page for sulogin.

The root account has been part of unix OSes for long before ubuntu came along... *sigh*
Comment by Ivan Yurasov (vanDake) - Thursday, 12 February 2009, 10:54 GMT
talk about the "native" will lead to stagnation

it's just more secure

I used it long before ubuntu ;)
Comment by Ivan Yurasov (vanDake) - Thursday, 12 February 2009, 11:56 GMT
BTW
check ArchWiki
http://wiki.archlinux.org/index.php/Disable_root_password_and_gain_su_sudo_with_no_password
if it is not "native", I think it is better to delete article
Comment by Alessandro Doro (adoroo) - Friday, 13 February 2009, 02:17 GMT
Ubuntu is fine tuned to work with a disabled root account. Arch Linux is not. Think and check twice before disabling root.
sudo isn't a simple program, see the man page, and can easily cause problems (e.g.  FS#12263  - sudo's new umask handling can cause library permission errors).
I always tend to handle it with care and login in a root shell for administrative tasks that modify my system.

And talking about security: if someone exploits a buffer overflow to get a shell in my machine I don't see the advantages of sudo over su (further insights welcome).
Comment by Aaron Griffin (phrakture) - Friday, 13 February 2009, 16:46 GMT
I love the "it's more secure" tribe... HOW is sudo more secure? I've never heard anyone explain why... how about this - sudo has that little timeout thing so it doesn't require a password everytime. If I use sudo to run something, then someone gets control of my insecure user account, all of the sudden they have sudo rights, because of that lame grace period.

Unless we're talking code-level (I haven't looked at either app), I am fairly certain that sudo is not "more" secure than su.

Disabling root is not supported on Arch Linux. I am fine with closing this as "Won't Implement"
Comment by Alessandro Doro (adoroo) - Tuesday, 17 February 2009, 23:42 GMT
No feedback in five days.
The wiki page has been updated.
Can this be closed?

Loading...