Root passwords

What do people do with root passwords? I normally just use sudo when I need root access, so I am trying to harden my systems. Should I set root to something long and random, should I just lock root (passwd -l), or both? Or should I delete the root password and then lock it (passwd -dl)?

“It depends.”

  • Disabling the root account will remove a known account and remove a known entry point.
  • Using sudo means an attacker only needs one password (and likely a shorter one because you type it in regularly).
  • Using sudo will leave your system open for ~15 minutes to escalation without a new password.
  • Using a non-admin account and a root account (e.g. accessed via su) means your normal account can’t be used to compromise the system.
  • Not having sudo rights for your user can make certain operations more effort (e.g. su -; pacman -Syu vs sudo pacman -Syu).

So, it’s a balance of convenience and security. Whatever you do, though, always disable SSH password-based logins for root.

3 Likes

Thanks, yes, SSH is locked down, no root and no password login. I get what you mean about sudo; like you said, it’s all a balance. Just thinking it through and trying to strike a reasonable balance.

For my personal computer, I have disabled all SSH access.

I’m not too worried about my system being compromised. Pretty much the only thing of value on my system is my home directory, which I regularly back up, and I keep sensitive stuff like password databases encrypted.

I have different passwords for my root user and my regular user. I use sudo with my regular user account for updates and maintenance. I almost never use the root user.

For now this is essentially what I’ve done, I just reset all my root passwords.

I guess my methods make no sense then… I use sudo for ‘general’ stuff (writing into /usr/share and /etc) and su-c_wrapper (here on EnOS) for stuff I need to think of a bit (updates, working in /boot) just to remind me that consequences await! My ‘exposure’ risk is low - so far the cat hasn’t typed either password… :grin:

What su-c_wrapper? I’m unfamiliar with that one.

As the name suggests, it is a wrapper script around command su -c.
It adds some sudo-like usage features, like

  • if the password was wrong, it asks again, at most 3 times in total
  • user’s command+parameters need not be surrounded with quotes like with su -c

But it doesn’t store the password for 15 minutes like sudo does.

Examples:

su-c_wrapper ls /root
mkdir "foo bar"
su-c_wrapper ls -l "foo bar"

The same with su -c:

su -c "ls /root"
su -c "ls -l 'foo bar'"

You can look at the script at /usr/bin/su-c_wrapper.

And if anyone finds an issue with the script, please report as soon as possible! :wink:

The name is a bit long. :stuck_out_tongue_winking_eye:

How about suc, sucs, :joy: or e.g. sucdo?

2 Likes

That’s what the alias is for (suc on mine) - although most often it is deployed from a ‘composite’ alias - such as spacman=‘suc pacman’. It can make you think a moment instead of auto-entering the sudo pwd from overfamiliarity. Also - doesn’t leave the sudo permission hanging ‘open’ - although that could be changed anyway…

1 Like

If it’s packaged then it could be a symlink rather than an alias, then it’s consistent for all users and shells etc. :thinking:

Very true - but so far the cat hasn’t requested an account on here! :cat2:

I could be wrong, but I don’t think the 15 minutes timer (or how much it is) of sudo is a significant security risk if you are aware of it. It only applies to the current interactive shell session. So just close that session when you’re done with what you needed to do that required elevated privileges. Unless the attacker has access to that particular shell session before you close it, it seems perfectly safe.

Try it yourself, open two instances of your terminal emulator of choice. In one, type sudo echo hi and enter your password. In the other do the same, and you will need to enter the password again, even if you do it just a second later.

4 Likes

First of all, this is a question that has been debated for years with no clear “right” answer.

I would say that there are a couple of things that are virtually universally a good idea:

  1. Ensure that all your accounts have strong passwords that are not easily compromised through any normal means.
  2. Disable ssh access to user “root” via password.

Beyond that, it really depends what the risk you are trying to avoid is.

I would start by asking a question. If your normal account has full sudo rights, what is the scenario in which your security is significantly different with:

  • A root account which shares the password with your main account
  • A root account with a highly complicated password you don’t know
  • A root account which is disabled

Ultimately, what is the scenario in which your root account can suffer a brute force attack but the attacker wouldn’t have access to the username on your main account to attack that instead?

The answer to that question might lead you to some additional ways to secure your system.

2 Likes

That was a deliberate choice. It gives the opportunity to be aliased, symlinked, or functioned to whatever user wants. Or even renamed locally. And scripts can use it as-is.
So that list alone makes it quite versatile. :wink: :rofl:

2 Likes

One thing you don’t mention - you KNOW what it is when you happen across it! :grin: not another abc.sh type name!

1 Like

I would also suggest a secured house and a firewall between local and www-network :wink:

Yes, don’t leave your doors unlocked. :innocent:

Yep, that makes lots of sense. Thinking more about it, I guess I was naively looking for a simple answer, which doesn’t exist. For now I’ve reset all my passwords, disabled SSH passwords and SSH root login. I’ve locked down my firewall settings. So at the moment I think I’m good.

1 Like
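
Added example, not part of any post in this thread: a small shell audit of the settings the thread settles on. It classifies root's password field in a shadow-format file (locked, empty or set) and reads PermitRootLogin and PasswordAuthentication from an sshd_config file. The sample files are constructed, the function names are this example's own, and the fallback values are the upstream OpenSSH defaults.

```shell
#!/bin/sh
# Added example. Sample files are constructed; the hash is a placeholder.

# State of a shadow(5) password field.
classify_shadow_field() {
    case "$1" in
        '')           echo "empty" ;;        # no password set (result of passwd -d)
        '!'|'!!'|'*') echo "no-password" ;;  # no usable hash: password login impossible
        '!'*)         echo "locked-hash" ;;  # passwd -l: stored hash prefixed with '!'
        *)            echo "hash" ;;         # usable password hash
    esac
}

root_password_state() {   # $1 = file in /etc/shadow format
    classify_shadow_field "$(awk -F: '$1 == "root" { print $2; exit }' "$1")"
}

# First value of a keyword in the global part of an sshd_config(5) file.
# Assumes whitespace-separated "Keyword value" lines; stops at the first Match block.
sshd_value() {            # $1 = file, $2 = keyword, $3 = value to report if unset
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/                   { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

audit() {                 # $1 = shadow file, $2 = sshd_config file
    state=$(root_password_state "$1")
    prl=$(sshd_value "$2" PermitRootLogin prohibit-password)
    pa=$(sshd_value "$2" PasswordAuthentication yes)
    echo "root password field: $state"
    if [ "$state" = "empty" ]; then echo "FINDING: root has an empty password"; fi
    if [ "$prl" = "yes" ]; then echo "FINDING: PermitRootLogin yes"; fi
    if [ "$pa" = "yes" ]; then echo "FINDING: PasswordAuthentication yes"; fi
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'root:!$6$CONSTRUCTED$placeholder:19000:0:99999:7:::\n' > "$tmp/shadow.locked"
printf 'root::19000:0:99999:7:::\n' > "$tmp/shadow.empty"
printf '# constructed\nPermitRootLogin no\npasswordauthentication no\nPermitRootLogin yes\n' > "$tmp/sshd.hard"
printf 'PermitRootLogin yes\nMatch User bob\n  PasswordAuthentication no\n' > "$tmp/sshd.weak"

audit "$tmp/shadow.locked" "$tmp/sshd.hard"   # locked-hash, no findings
audit "$tmp/shadow.empty" "$tmp/sshd.weak"    # empty, three findings
```

On a real host, `sshd -T` prints the effective server configuration, which is more reliable than parsing the file. A locked root password does not block SSH key logins or sudo.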