Jump to content
  • Announcements

    • spinynorman

      Mandriva Official Documentation

      Official documentation for extant versions of Mandriva can be found at doc.mandriva.com.   Documentation for the latest release may take some time to appear there. You can install all the manuals from the main repository if you have Mandriva installed - files are prefixed mandriva-doc.
    • paul

      Forum software upgrade   10/29/17

      So you may have noticed the forum software has upgraded !!!
      A few things that have changed. We no longer have community blogs (was never really used) We no longer have a portal page.
      We can discuss this, and decide whether it is needed (It costs money) See this thread: Here
hanes

Passwordless and loving it!

Recommended Posts

Hi all, I just removed a password from my root account the other day (passwd -d root) and I feel so free haha!

 

I just wanted to say this because of all the nutso posts I see against this. I avoided doing this for a while but then it occured to me that:

 

a) I run Win XP / Win 98 on most of my machines , they are ALWAYS running as root! At least on my Linux boxes the virus/hacker has to type SU

 

b There arent a lot of viruses running around on Linux (yet)

 

c) there just freaking desktops anyways! I backup important stuff!

 

d) I format my computer quite often anyways to try out different distros

 

e) Entering passwords is ANNOYING, especially for meaningless trivial things like changing the time, adding new wallpapers (into /usr/share/wallpapers, connecting to wireless networks, adding a printer, adding new fonts, loading the control center, and deleting fiiles

 

Anyways if any newbies are annoyed by passwords I wouldnt worry about it, I know you hear tons of people say things like "but you can DELETE ANYTHING", but guess what you can do that with most OS's out there.... I have yet to mistakenly delete my /

 

Obviously my servers have passwords that I change monthly, but thats another story. Even the computers that are somewhat public (ie others use them) I use passwords with...

 

On a related point it would be neat to have a password wizard, which asked the user what he DIDN't want to enter a password for, this way users wouldnt feel the need to remove passwords, which if EVERYONE did it, might encourage virus writers. (I finnally snapped when I changed my time for DST, instead of entering the password I just removed the password).

 

Hanes

My Flash Video Install Tutorial

Edited by hanes

Share this post


Link to post
Share on other sites

No doubt. When some l33t hax0rs turn your boxes into zombies and load your HD with kiddie-porn don't come crying here.

Share this post


Link to post
Share on other sites

not using a root password is a horrible idea. since you don't have a root password, I could very easily hack your computer at this very moment if I felt like it. Horrible, horrible, horrible idea. What I find funny is in your tutorial you admit to this!

 

Oh, and if you really wanna know, part of the reason why MS Windows has such huge security problems is because everyone has root, and almost no one uses a password.

Share this post


Link to post
Share on other sites

STUPID STUPID.

 

what can I say..

 

Once in a while you have to type in a password, To upgrade or install new things, Come on i upgrade so often but keep the password. A little pain is better than a destroyed PC..

 

This is a bad idea,

Just because i have not personally got a virus in windows in 4 Years does not mean that Windows is Safe.. I just use it correctly, when i have too..

 

Same with linux use it correctly and you will be saved the pain later..

 

If you worked for me, It would be your last day.. take a walk to SANS.org and read why policies are needed and everyone has to follow them, for everyones protection..

Share this post


Link to post
Share on other sites

Troll, troll, troll.

 

Being passwordless for root is a *terrible* idea. One of the reasons I tired of Ubuntu was that nearly everything could be done with sudo and a non-privileged user password. That's bad enough.

 

This is infinitely worse.

 

BTW, don't use WinXP to bolster your feeble arguments. True, by default it's setup that way, but it's the easiest thing to set a password. Even better would be to make an additional limited user account to do day to day stuff.

 

In any case, Windoze XP should not be used as a benchmark for anything. The last OS where Redmond got nearly everything right in an OS was Windows 2000 Pro. It hadn't happened before, and it hasn't happened since.

 

WIn2k had *excellent* security policies *by default* - you HAD to login, and they even encouraged you to use a reserved key combo (Ctrl-Alt-Del) to enter the login screen. You could even change the name of the Admin account from the default to something non-intuitive for added security, something that (as far as I know), still cannot be done in Linux. And you couldn't switch users "on the fly" like you can with WinXP. That was a brilliant security policy, it's how it should be.

 

But lusers like you seem to want insecure machines as long as they're "easy" to use, so I guess that's why WinXP is done the way it is. That's not a good thing though !

Edited by Turb0flat4

Share this post


Link to post
Share on other sites
Hi all, I just removed a password from my root account the other day (passwd -d root) and I feel so free haha!

Free, as in, free lunch. B)

I just wanted to say this because of all the nutso posts I see against this. I avoided doing this for a while but then it occured to me that:

By nutso, I assume you are referring to acceptable best practices in the entire computer world except windows? :lol:

a) I run Win XP / Win 98 on most of my machines , they are ALWAYS running as root! At least on my Linux boxes the virus/hacker has to type SU

What's the matter? Could you not afford to purchase a legal copy of windows xp on all of your machines?

b There arent a lot of viruses running around on Linux (yet)

Becuse linux is safe with a root account that is password protected. But really, that is just BEST practices. What do IT people know, anyway?

c) there just freaking desktops anyways! I backup important stuff!

Ummm... if all that is on your hard drive is desktops, I would be interested in where you keep all the other important stuff, like the kernel, the directory tree, mundane stuff like that!

d) I format my computer quite often anyways to try out different distros

 

e) Entering passwords is ANNOYING, especially for meaningless trivial things like changing the time, adding new wallpapers (into /usr/share/wallpapers, connecting to wireless networks, adding a printer, adding new fonts, loading the control center, and deleting fiiles

 

Anyways if any newbies are annoyed by passwords I wouldnt worry about it, I know you hear tons of people say things like "but you can DELETE ANYTHING", but guess what you can do that with most OS's out there.... I have yet to mistakenly delete my /

I'm sorry. Is your root also on your hard drive along with the desktops?

Obviously my servers have passwords that I change monthly, but thats another story. Even the computers that are somewhat public (ie others use them) I use passwords with...

 

On a related point it would be neat to have a password wizard, which asked the user what he DIDN't want to enter a password for, this way users wouldnt feel the need to remove passwords, which if EVERYONE did it, might encourage virus writers. (I finnally snapped when I changed my time for DST, instead of entering the password I just removed the password).

 

Hanes

 

I'm confused. You mean your servers are somehow less annoying than your desktops? Perhaps you should delete the desktops and pretend the machines are all servers. That might finally take care of all annoyances!

I've only been using linux for 7 or 8 years, so I don't know much. But, this idea of yours really demonstrates your need to read. ;)

Share this post


Link to post
Share on other sites

Obviously he's read about it, and he's aware of the danger.

 

If he chooses not to, then telling him otherwise won't teach him anything new. Let him find out the hard way. All the same, it's a pretty stupid idea to go passwordless.

 

James

Edited by iphitus

Share this post


Link to post
Share on other sites

Really bad idea. You might as well be running Windows instead of Linux with the fact you've removed the password.

 

So the hacker has to type "su" to get the privileges. Big deal, it's two characters to him, since their's no password now! He can now completely remove everything on your system.

 

How about utilities such as fdisk. Your partition table is instantly wiped in a few seconds and then you wonder where everything went? Nice reinstall for you, and then again and again if you find that he keeps coming back for more, which I think he will since it's so easy to trash your system.

Share this post


Link to post
Share on other sites
Obviously he's read about it, and he's aware of the danger.

 

If he chooses not to, then telling him otherwise won't teach him anything new. Let him find out the hard way.

I think the point of most of these replies is to make sure no user reads this and decides it is a good idea, when it most obviously is not. anyone who thinks otherwise obviously knows nothing about computer security - any system connected to the internet can be compromised, and just because there is nothing on that system that the user cares about, the system can still be used to launch attacks elsewhere, and you can be held liable for such attacks (I'm sure you know all this, iphitus ;) ). Put simply

 

crackers system -> system with no root password -> crackers target

 

the system in the middle ends up being seen as the system responsible for the attack, and the owner of that system is charged - if you're in the US and the attack crosses state lines you'll be having a nice chat with an FBI agent, no doubt. and don't think logs are going to save you, because any good cracker will cover his tracks on the way out the door. a system without a root password, sitting on the internet, is likely to be compromised very quickly - you should see how many ssh brute force attempts I get on my system in a day! so many that i decided to turn off ssh because it was more worry than worth. not having a root password is, quite easily, the dumbest idea ever.

Share this post


Link to post
Share on other sites
Hanes, would you please post your IP ?

 

Forum mods and admins have his IP, and one of them may actually want to see what's happening when installing .deb packages on Mandriva, or if deleting the /etc directory has any impact on the system performance! :P

Edited by scarecrow

Share this post


Link to post
Share on other sites

:unsure:

 

B)

 

:lol2:

 

(just to clarify: only admins can see IPs, mods cannot, IIRC)

Share this post


Link to post
Share on other sites

Not correct, tyme. We can see the ips on the forums where we moderate. :D

 

I wonder what security measures his servers have. I bet not very good ones... :rolleyes:

Share this post


Link to post
Share on other sites

Mods can see some ip's, just not yours! :P

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×