MandrivaUsers.org : Passwordless and loving it! - MandrivaUsers.org


Passwordless and loving it!

#1 User is offline   hanes 

  • casual
  • Group: Members
  • Posts: 80
  • Joined: 16-November 04

Posted 18 April 2006 - 10:30 PM

Hi all, I just removed a password from my root account the other day (passwd -d root) and I feel so free haha!

I just wanted to say this because of all the nutso posts I see against this. I avoided doing this for a while but then it occurred to me that:

a) I run Win XP / Win 98 on most of my machines , they are ALWAYS running as root! At least on my Linux boxes the virus/hacker has to type SU

b) There aren't a lot of viruses running around on Linux (yet)

c) they're just freaking desktops anyways! I backup important stuff!

d) I format my computer quite often anyways to try out different distros

e) Entering passwords is ANNOYING, especially for meaningless trivial things like changing the time, adding new wallpapers (into /usr/share/wallpapers), connecting to wireless networks, adding a printer, adding new fonts, loading the control center, and deleting files

Anyways if any newbies are annoyed by passwords I wouldn't worry about it, I know you hear tons of people say things like "but you can DELETE ANYTHING", but guess what you can do that with most OS's out there.... I have yet to mistakenly delete my /

Obviously my servers have passwords that I change monthly, but that's another story. Even the computers that are somewhat public (ie others use them) I use passwords with...

On a related point it would be neat to have a password wizard, which asked the user what he DIDN'T want to enter a password for, this way users wouldn't feel the need to remove passwords, which if EVERYONE did it, might encourage virus writers. (I finally snapped when I changed my time for DST, instead of entering the password I just removed the password).

Hanes
My Flash Video Install Tutorial

This post has been edited by hanes: 18 April 2006 - 10:35 PM

0

#2 User is offline   nchancock 

  • frequent
  • Group: Members
  • Posts: 111
  • Joined: 04-December 04

Posted 18 April 2006 - 11:02 PM

No doubt. When some l33t hax0rs turn your boxes into zombies and load your HD with kiddie-porn don't come crying here.
HP 7188CL Laptop -- Ubuntu 6.06 Dapper -- Gnome 2.12 -- kernel-2.6.15-27-386 -- Pentium-4-HT 3.2 GHz -- 512 MB RAM -- 80 GB HD -- 16xCDRW/4xDVDRW Combo -- NVIDIA Go5600 w/ 64 MB RAM -- NEW TO THE SCENE (so exercise patience :) )
0

#3 User is offline   tyme 

  • Serial Slacker
  • View blog
  • Group: Platinum
  • Posts: 13,309
  • Joined: 24-October 02

Posted 18 April 2006 - 11:09 PM

not using a root password is a horrible idea. since you don't have a root password, I could very easily hack your computer at this very moment if I felt like it. Horrible, horrible, horrible idea. What I find funny is in your tutorial you admit to this!

Oh, and if you really wanna know, part of the reason why MS Windows has such huge security problems is because everyone has root, and almost no one uses a password.
0

#4 User is offline   michaelcole 

  • Awesome
  • Group: Members
  • Posts: 262
  • Joined: 16-November 05

Posted 19 April 2006 - 01:12 AM

STUPID STUPID.

what can I say..

Once in a while you have to type in a password, To upgrade or install new things, Come on i upgrade so often but keep the password. A little pain is better than a destroyed PC..

This is a bad idea,
Just because I have not personally got a virus in Windows in 4 years does not mean that Windows is safe.. I just use it correctly, when I have to..

Same with Linux, use it correctly and you will be saved the pain later..

If you worked for me, it would be your last day.. take a walk to SANS.org and read why policies are needed and everyone has to follow them, for everyone's protection..
Michael Cole
LPIC Level 1
0

#5 User is offline   Turb0flat4 

  • New Here
  • Group: Members
  • Posts: 42
  • Joined: 13-April 06

Posted 19 April 2006 - 01:29 AM

Troll, troll, troll.

Being passwordless for root is a *terrible* idea. One of the reasons I tired of Ubuntu was that nearly everything could be done with sudo and a non-privileged user password. That's bad enough.

This is infinitely worse.

BTW, don't use WinXP to bolster your feeble arguments. True, by default it's set up that way, but it's the easiest thing to set a password. Even better would be to make an additional limited user account to do day to day stuff.

In any case, Windoze XP should not be used as a benchmark for anything. The last OS where Redmond got nearly everything right in an OS was Windows 2000 Pro. It hadn't happened before, and it hasn't happened since.

Win2k had *excellent* security policies *by default* - you HAD to login, and they even encouraged you to use a reserved key combo (Ctrl-Alt-Del) to enter the login screen. You could even change the name of the Admin account from the default to something non-intuitive for added security, something that (as far as I know), still cannot be done in Linux. And you couldn't switch users "on the fly" like you can with WinXP. That was a brilliant security policy, it's how it should be.

But lusers like you seem to want insecure machines as long as they're "easy" to use, so I guess that's why WinXP is done the way it is. That's not a good thing though !

This post has been edited by Turb0flat4: 19 April 2006 - 01:30 AM

0

#6 User is offline   aioshin 

  • MUB Addict
  • Group: Members
  • Posts: 816
  • Joined: 23-August 04

Posted 19 April 2006 - 01:34 AM

what an idea!? do you really understand what you've done?
Mandriva 2008.1 @wORk
Mandriva 2008.1 @ hOMe
0

#7 User is offline   Ixthusdan 

  • Platinum
  • Group: Platinum
  • Posts: 9,042
  • Joined: 17-September 02

Posted 19 April 2006 - 04:19 AM

hanes, on Apr 18 2006, 05:30 PM, said:

Hi all, I just removed a password from my root account the other day (passwd -d root) and I feel so free haha!

Free, as in, free lunch. B)

hanes said:

I just wanted to say this because of all the nutso posts I see against this. I avoided doing this for a while but then it occurred to me that:

By nutso, I assume you are referring to acceptable best practices in the entire computer world except windows? :lol:

hanes said:

a) I run Win XP / Win 98 on most of my machines , they are ALWAYS running as root! At least on my Linux boxes the virus/hacker has to type SU

What's the matter? Could you not afford to purchase a legal copy of windows xp on all of your machines?

hanes said:

b) There aren't a lot of viruses running around on Linux (yet)

Because linux is safe with a root account that is password protected. But really, that is just BEST practices. What do IT people know, anyway?

hanes said:

c) they're just freaking desktops anyways! I backup important stuff!

Ummm... if all that is on your hard drive is desktops, I would be interested in where you keep all the other important stuff, like the kernel, the directory tree, mundane stuff like that!

hanes said:

d) I format my computer quite often anyways to try out different distros

e) Entering passwords is ANNOYING, especially for meaningless trivial things like changing the time, adding new wallpapers (into /usr/share/wallpapers), connecting to wireless networks, adding a printer, adding new fonts, loading the control center, and deleting files

Anyways if any newbies are annoyed by passwords I wouldn't worry about it, I know you hear tons of people say things like "but you can DELETE ANYTHING", but guess what you can do that with most OS's out there.... I have yet to mistakenly delete my /

I'm sorry. Is your root also on your hard drive along with the desktops?

hanes said:

Obviously my servers have passwords that I change monthly, but that's another story. Even the computers that are somewhat public (ie others use them) I use passwords with...

On a related point it would be neat to have a password wizard, which asked the user what he DIDN'T want to enter a password for, this way users wouldn't feel the need to remove passwords, which if EVERYONE did it, might encourage virus writers. (I finally snapped when I changed my time for DST, instead of entering the password I just removed the password).

Hanes


I'm confused. You mean your servers are somehow less annoying than your desktops? Perhaps you should delete the desktops and pretend the machines are all servers. That might finally take care of all annoyances!
I've only been using linux for 7 or 8 years, so I don't know much. But, this idea of yours really demonstrates your need to read. ;)
The people never give up their liberties but under some delusion. Edmund Burke, 1784
0

#8 User is offline   iphitus 

  • Arch Linux Developer, Rocket Scientist
  • View blog
  • Group: Global Moderator
  • Posts: 3,869
  • Joined: 16-April 03

Posted 19 April 2006 - 06:01 AM

Obviously he's read about it, and he's aware of the danger.

If he chooses not to, then telling him otherwise won't teach him anything new. Let him find out the hard way. All the same, it's a pretty stupid idea to go passwordless.

James

This post has been edited by iphitus: 19 April 2006 - 06:36 AM

0

#9 User is offline   ianw1974 

  • Platinum
  • View blog
  • Group: Admin
  • Posts: 14,049
  • Joined: 09-March 05

Posted 19 April 2006 - 06:18 AM

Really bad idea. You might as well be running Windows instead of Linux with the fact you've removed the password.

So the hacker has to type "su" to get the privileges. Big deal, it's two characters to him, since there's no password now! He can now completely remove everything on your system.

How about utilities such as fdisk. Your partition table is instantly wiped in a few seconds and then you wonder where everything went? Nice reinstall for you, and then again and again if you find that he keeps coming back for more, which I think he will since it's so easy to trash your system.
Ian Walker

Light travels faster than sound. This is why some people appear bright until you hear them speak.........

2 x systems installed with Ubuntu 14.04 x86_64 (Laptop and Desktop)
1 x systems installed with Gentoo x86_64 (Desktop)

My Linux Solutions | Linux Systems Limited
0

#10 User is offline   tyme 

  • Serial Slacker
  • View blog
  • Group: Platinum
  • Posts: 13,309
  • Joined: 24-October 02

Posted 19 April 2006 - 06:28 AM

iphitus, on Apr 19 2006, 02:01 AM, said:

Obviously he's read about it, and he's aware of the danger.

If he chooses not to, then telling him otherwise won't teach him anything new. Let him find out the hard way.

I think the point of most of these replies is to make sure no user reads this and decides it is a good idea, when it most obviously is not. anyone who thinks otherwise obviously knows nothing about computer security - any system connected to the internet can be compromised, and just because there is nothing on that system that the user cares about, the system can still be used to launch attacks elsewhere, and you can be held liable for such attacks (I'm sure you know all this, iphitus ;) ). Put simply

crackers system -> system with no root password -> crackers target

the system in the middle ends up being seen as the system responsible for the attack, and the owner of that system is charged - if you're in the US and the attack crosses state lines you'll be having a nice chat with an FBI agent, no doubt. and don't think logs are going to save you, because any good cracker will cover his tracks on the way out the door. a system without a root password, sitting on the internet, is likely to be compromised very quickly - you should see how many ssh brute force attempts I get on my system in a day! so many that i decided to turn off ssh because it was more worry than worth. not having a root password is, quite easily, the dumbest idea ever.
0
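
The condition this thread argues about, an empty password field left by `passwd -d root`, can be checked for mechanically. The following is an added example, not part of any post in the thread; the sample file, its account entries and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in shadow(5) layout: name:password-field:lastchg:...
# The hash below is a made-up placeholder, not a real credential.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
root::13256:0:99999:7:::
daemon:*:13000:0:99999:7:::
hanes:$1$constructed$notarealhashvalue000000:13256:0:99999:7:::
guest:!!:13256:0:99999:7:::
EOF

# classify_shadow FILE: print "name state" for every account entry.
#   EMPTY  - field is blank, no password is required for this account
#   locked - field starts with ! or *, no password can match
#   hashed - field holds a password hash
classify_shadow() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        {
            if ($2 == "")          s = "EMPTY"
            else if ($2 ~ /^[!*]/) s = "locked"
            else                   s = "hashed"
            print $1, s
        }' "$1"
}

# empty_accounts FILE: names of accounts that accept a blank password.
empty_accounts() {
    classify_shadow "$1" | awk '$2 == "EMPTY" { print $1 }'
}

# audit FILE: return 1 and report on stderr if any such account exists.
audit() {
    found=$(empty_accounts "$1" | tr '\n' ' ')
    [ -z "$found" ] && return 0
    echo "accounts with no password: $found" >&2
    return 1
}

audit "$SAMPLE" || echo "audit failed on the constructed sample"
# On a real system, run as root against the live file: audit /etc/shadow
```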

#11 User is offline   Turb0flat4 

  • New Here
  • Group: Members
  • Posts: 42
  • Joined: 13-April 06

Posted 19 April 2006 - 07:25 AM

I have the winning argument here.

Hanes, would you please post your IP ?









Yeah, didn't think so.
0

#12 User is offline   scarecrow 

  • Platinum
  • Group: Platinum
  • Posts: 5,157
  • Joined: 16-February 05

Posted 19 April 2006 - 07:50 AM

Turb0flat4, on Apr 19 2006, 10:25 AM, said:

Hanes, would you please post your IP ?


Forum mods and admins have his IP, and one of them may actually want to see what's happening when installing .deb packages on Mandriva, or if deleting the /etc directory has any impact on the system performance! :P

This post has been edited by scarecrow: 19 April 2006 - 07:51 AM

0

#13 User is offline   tyme 

  • Serial Slacker
  • View blog
  • Group: Platinum
  • Posts: 13,309
  • Joined: 24-October 02

Posted 19 April 2006 - 07:53 AM

:unsure:

B)

:lol2:

(just to clarify: only admins can see IPs, mods cannot, IIRC)
0

#14 User is offline   arctic 

  • Platinum
  • View blog
  • Group: Global Moderator
  • Posts: 8,192
  • Joined: 11-June 04

Posted 19 April 2006 - 08:06 AM

Not correct, tyme. We can see the ips on the forums where we moderate. :D

I wonder what security measures his servers have. I bet not very good ones... :rolleyes:
Mageia 1
0

#15 User is offline   ianw1974 

  • Platinum
  • View blog
  • Group: Admin
  • Posts: 14,049
  • Joined: 09-March 05

Posted 19 April 2006 - 08:11 AM

Mods can see some ip's, just not yours! :P
Ian Walker

Light travels faster than sound. This is why some people appear bright until you hear them speak.........

2 x systems installed with Ubuntu 14.04 x86_64 (Laptop and Desktop)
1 x systems installed with Gentoo x86_64 (Desktop)

My Linux Solutions | Linux Systems Limited
0
