hanes Posted April 18, 2006 Report Share Posted April 18, 2006 (edited) Hi all, I just removed a password from my root account the other day (passwd -d root) and I feel so free haha! I just wanted to say this because of all the nutso posts I see against this. I avoided doing this for a while but then it occured to me that: a) I run Win XP / Win 98 on most of my machines , they are ALWAYS running as root! At least on my Linux boxes the virus/hacker has to type SU b There arent a lot of viruses running around on Linux (yet) c) there just freaking desktops anyways! I backup important stuff! d) I format my computer quite often anyways to try out different distros e) Entering passwords is ANNOYING, especially for meaningless trivial things like changing the time, adding new wallpapers (into /usr/share/wallpapers, connecting to wireless networks, adding a printer, adding new fonts, loading the control center, and deleting fiiles Anyways if any newbies are annoyed by passwords I wouldnt worry about it, I know you hear tons of people say things like "but you can DELETE ANYTHING", but guess what you can do that with most OS's out there.... I have yet to mistakenly delete my / Obviously my servers have passwords that I change monthly, but thats another story. Even the computers that are somewhat public (ie others use them) I use passwords with... On a related point it would be neat to have a password wizard, which asked the user what he DIDN't want to enter a password for, this way users wouldnt feel the need to remove passwords, which if EVERYONE did it, might encourage virus writers. (I finnally snapped when I changed my time for DST, instead of entering the password I just removed the password). Hanes My Flash Video Install Tutorial Edited April 18, 2006 by hanes Link to comment Share on other sites More sharing options...
nchancock Posted April 18, 2006 Report Share Posted April 18, 2006 No doubt. When some l33t hax0rs turn your boxes into zombies and load your HD with kiddie-porn don't come crying here. Link to comment Share on other sites More sharing options...
tyme Posted April 18, 2006 Report Share Posted April 18, 2006 not using a root password is a horrible idea. since you don't have a root password, I could very easily hack your computer at this very moment if I felt like it. Horrible, horrible, horrible idea. What I find funny is in your tutorial you admit to this! Oh, and if you really wanna know, part of the reason why MS Windows has such huge security problems is because everyone has root, and almost no one uses a password. Link to comment Share on other sites More sharing options...
michaelcole Posted April 19, 2006 Report Share Posted April 19, 2006 STUPID STUPID. what can I say.. Once in a while you have to type in a password, To upgrade or install new things, Come on i upgrade so often but keep the password. A little pain is better than a destroyed PC.. This is a bad idea, Just because i have not personally got a virus in windows in 4 Years does not mean that Windows is Safe.. I just use it correctly, when i have too.. Same with linux use it correctly and you will be saved the pain later.. If you worked for me, It would be your last day.. take a walk to SANS.org and read why policies are needed and everyone has to follow them, for everyones protection.. Link to comment Share on other sites More sharing options...
Turb0flat4 Posted April 19, 2006 Report Share Posted April 19, 2006 (edited) Troll, troll, troll. Being passwordless for root is a *terrible* idea. One of the reasons I tired of Ubuntu was that nearly everything could be done with sudo and a non-privileged user password. That's bad enough. This is infinitely worse. BTW, don't use WinXP to bolster your feeble arguments. True, by default it's setup that way, but it's the easiest thing to set a password. Even better would be to make an additional limited user account to do day to day stuff. In any case, Windoze XP should not be used as a benchmark for anything. The last OS where Redmond got nearly everything right in an OS was Windows 2000 Pro. It hadn't happened before, and it hasn't happened since. WIn2k had *excellent* security policies *by default* - you HAD to login, and they even encouraged you to use a reserved key combo (Ctrl-Alt-Del) to enter the login screen. You could even change the name of the Admin account from the default to something non-intuitive for added security, something that (as far as I know), still cannot be done in Linux. And you couldn't switch users "on the fly" like you can with WinXP. That was a brilliant security policy, it's how it should be. But lusers like you seem to want insecure machines as long as they're "easy" to use, so I guess that's why WinXP is done the way it is. That's not a good thing though ! Edited April 19, 2006 by Turb0flat4 Link to comment Share on other sites More sharing options...
aioshin Posted April 19, 2006 Report Share Posted April 19, 2006 what an idea!? do you really understand what you've done? Link to comment Share on other sites More sharing options...
Ixthusdan Posted April 19, 2006 Report Share Posted April 19, 2006 Hi all, I just removed a password from my root account the other day (passwd -d root) and I feel so free haha! Free, as in, free lunch. B) I just wanted to say this because of all the nutso posts I see against this. I avoided doing this for a while but then it occured to me that: By nutso, I assume you are referring to acceptable best practices in the entire computer world except windows? :lol: a) I run Win XP / Win 98 on most of my machines , they are ALWAYS running as root! At least on my Linux boxes the virus/hacker has to type SU What's the matter? Could you not afford to purchase a legal copy of windows xp on all of your machines? b There arent a lot of viruses running around on Linux (yet) Becuse linux is safe with a root account that is password protected. But really, that is just BEST practices. What do IT people know, anyway? c) there just freaking desktops anyways! I backup important stuff! Ummm... if all that is on your hard drive is desktops, I would be interested in where you keep all the other important stuff, like the kernel, the directory tree, mundane stuff like that! d) I format my computer quite often anyways to try out different distros e) Entering passwords is ANNOYING, especially for meaningless trivial things like changing the time, adding new wallpapers (into /usr/share/wallpapers, connecting to wireless networks, adding a printer, adding new fonts, loading the control center, and deleting fiiles Anyways if any newbies are annoyed by passwords I wouldnt worry about it, I know you hear tons of people say things like "but you can DELETE ANYTHING", but guess what you can do that with most OS's out there.... I have yet to mistakenly delete my / I'm sorry. Is your root also on your hard drive along with the desktops? Obviously my servers have passwords that I change monthly, but thats another story. Even the computers that are somewhat public (ie others use them) I use passwords with... On a related point it would be neat to have a password wizard, which asked the user what he DIDN't want to enter a password for, this way users wouldnt feel the need to remove passwords, which if EVERYONE did it, might encourage virus writers. (I finnally snapped when I changed my time for DST, instead of entering the password I just removed the password). Hanes I'm confused. You mean your servers are somehow less annoying than your desktops? Perhaps you should delete the desktops and pretend the machines are all servers. That might finally take care of all annoyances! I've only been using linux for 7 or 8 years, so I don't know much. But, this idea of yours really demonstrates your need to read. ;) Link to comment Share on other sites More sharing options...
iphitus Posted April 19, 2006 Report Share Posted April 19, 2006 (edited) Obviously he's read about it, and he's aware of the danger. If he chooses not to, then telling him otherwise won't teach him anything new. Let him find out the hard way. All the same, it's a pretty stupid idea to go passwordless. James Edited April 19, 2006 by iphitus Link to comment Share on other sites More sharing options...
ianw1974 Posted April 19, 2006 Report Share Posted April 19, 2006 Really bad idea. You might as well be running Windows instead of Linux with the fact you've removed the password. So the hacker has to type "su" to get the privileges. Big deal, it's two characters to him, since their's no password now! He can now completely remove everything on your system. How about utilities such as fdisk. Your partition table is instantly wiped in a few seconds and then you wonder where everything went? Nice reinstall for you, and then again and again if you find that he keeps coming back for more, which I think he will since it's so easy to trash your system. Link to comment Share on other sites More sharing options...
tyme Posted April 19, 2006 Report Share Posted April 19, 2006 Obviously he's read about it, and he's aware of the danger. If he chooses not to, then telling him otherwise won't teach him anything new. Let him find out the hard way. I think the point of most of these replies is to make sure no user reads this and decides it is a good idea, when it most obviously is not. anyone who thinks otherwise obviously knows nothing about computer security - any system connected to the internet can be compromised, and just because there is nothing on that system that the user cares about, the system can still be used to launch attacks elsewhere, and you can be held liable for such attacks (I'm sure you know all this, iphitus ;) ). Put simply crackers system -> system with no root password -> crackers target the system in the middle ends up being seen as the system responsible for the attack, and the owner of that system is charged - if you're in the US and the attack crosses state lines you'll be having a nice chat with an FBI agent, no doubt. and don't think logs are going to save you, because any good cracker will cover his tracks on the way out the door. a system without a root password, sitting on the internet, is likely to be compromised very quickly - you should see how many ssh brute force attempts I get on my system in a day! so many that i decided to turn off ssh because it was more worry than worth. not having a root password is, quite easily, the dumbest idea ever. Link to comment Share on other sites More sharing options...
Turb0flat4 Posted April 19, 2006 Report Share Posted April 19, 2006 I have the winning argument here. Hanes, would you please post your IP ? Yeah, didn't think so. Link to comment Share on other sites More sharing options...
scarecrow Posted April 19, 2006 Report Share Posted April 19, 2006 (edited) Hanes, would you please post your IP ? Forum mods and admins have his IP, and one of them may actually want to see what's happening when installing .deb packages on Mandriva, or if deleting the /etc directory has any impact on the system performance! :P Edited April 19, 2006 by scarecrow Link to comment Share on other sites More sharing options...
tyme Posted April 19, 2006 Report Share Posted April 19, 2006 :unsure: B) (just to clarify: only admins can see IPs, mods cannot, IIRC) Link to comment Share on other sites More sharing options...
arctic Posted April 19, 2006 Report Share Posted April 19, 2006 Not correct, tyme. We can see the ips on the forums where we moderate. :D I wonder what security measures his servers have. I bet not very good ones... Link to comment Share on other sites More sharing options...
ianw1974 Posted April 19, 2006 Report Share Posted April 19, 2006 Mods can see some ip's, just not yours! :P Link to comment Share on other sites More sharing options...
Recommended Posts