Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#36064 - disable root account

Attached to Project: Arch Linux
Opened by John (john72) - Sunday, 07 July 2013, 17:13 GMT
Last edited by Dave Reisner (falconindy) - Sunday, 07 July 2013, 19:13 GMT
Task Type Feature Request
Category Packages: Extra
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

By default Arch is installed with active root account - this is both additional security risk and increased chance of misconfigurations for newcomers. Many popular distributions like ubuntu and fedora come with root account disabled in default install - all the system administration is done via sudo.

It would be great to see this feature implemented in Arch as well.

Doing so manually is unsuitable - it requires changes to several core components as described in https://wiki.archlinux.org/index.php/Sudo#Disable_root_login

However enabling disabled root account is a trivial task which can be easily performed by users who would like to preserve old behavior - hence I suggest this feature as default option.
This task depends upon

Closed by  Dave Reisner (falconindy)
Sunday, 07 July 2013, 19:13 GMT
Reason for closing:  Won't implement
Additional comments about closing:  see comments
Comment by John (graysky) - Sunday, 07 July 2013, 18:51 GMT
Many other distros including Debian ship w/ an active root account. If users want to disable it, they can do so with the instructions at the wiki you provide. I would not like to see this as the default.
Comment by Dave Reisner (falconindy) - Sunday, 07 July 2013, 19:13 GMT
No, this isn't really a legitimate security risk. Put a reasonable password on the account and you're fine. Root privilege escalation exploits don't even require that you have a valid root account.

Doing this also puts you in a shitty position if you break your sudo config -- something "newcomers" often do because they manually edit /etc/sudoers and use invalid syntax. You then need to know how to boot to a rescue environment and recover the config either from the initramfs or launching a shell as PID 1 (or a liveCD, failing all other options).

I feel compelled to point out that Arch makes no attempts to be "newbie friendly". We expect that people know what they're doing and that everything is fairly vanilla (your request has an implicit requirement that we make sudo part of base). This request goes against core principles of the distro.

Loading...