Reply to post: Re: I always set a root password on sudo-based systems

Pro tip: You can log into macOS High Sierra as root with no password

Lomax
Headmaster

Re: I always set a root password on sudo-based systems

All 'buntu flavours lock the root account by default, and setting a password will unlock it - I would advise against this. Personally, I prefer a (memorised) strong password on my user account which can be used to gain su privileges, while leaving the root account locked. Just one less thing to keep track of. For passwords, I find it is easier to memorise a phrase of a few words rather than a (shorter) random string - ideally with a few numbers & special characters thrown in for good measure. Faster to type too!

A list of some of the pros of using sudo:

https://help.ubuntu.com/community/RootSudo#Benefits_of_using_sudo

A comparison of different ways of opening a root shell:

https://help.ubuntu.com/community/RootSudo#Special_notes_on_sudo_and_shells

A discussion about character vs. phrase based passwords:

https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/

When it comes to opening a root shell, I prefer to use "sudo -i", since it keeps confusion to a minimum. This will load root's full environment and prevents accidental overwriting of user files with files owned by root, etc. It also decorates your prompt with a # instead of a $, which serves as a visual reminder that you need to think a little more carefully about what you do next...

"su" on the other hand, is not intended specifically for gaining root privileges; it actually stands for "substitute user" and allows you to impersonate *any* user on the system. By including the " - " it will also load that user's environment. This is often handy when you want to test an application which runs under an account for which login is disabled (such as a daemon), and see if/where it runs into permission issues etc (i.e. "su - accountname"). An ommitted account name will default to "root", which is probably why it's often used in the way you suggest, though while the resulting shell is basically the same as what you would get with "sudo -i" I would personally not use "su -" to become root. Just feels wrong.

See also "man sudo" and "man su".

</lecture>

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2019