ubuntu 10.04 and root?

I am a newb with all this and I have a question about the best way to change the default user.

When I install ubuntu 10.04 on a local PC it sets up a user with root privileges and disables the root password. However when I select the linode version I have to ssh as root. As I understand it this is a security issue that I need to change. But how do I create a new user that can act as the root and then disable the root?

I have tried searching here and google but it is info overload and confusing.

16 Replies

Read this http://library.linode.com/beginners-guide/

To solve your immediate problem do the following

adduser <username></username>

replacing with your desired username then run

visudo

and add

 <username>ALL=(ALL) ALL</username>

again replacing with your desired username

Then type passwd -l root to lock out the root account.

Thankyou so much :D

I have read the beginners-guide several times but I had not found a reference to visudo. I did find one on google but it was confusing.

I imagine it's in there somewhere, if not you can email docs@linode.com and they can add it.

For decades, across numerous platforms, Nix Admins managed to safely use the 'root' account.

Then Ubuntu comes along and assumes it's users are too stupid to be trusted with it.

Not entirely a bad assumption. We all know how Windows turned out…

History has found that the safest way to use the root account is to not use the root account. That's how the greybeards pull it off.

I don't know - as one of those people who, as you say, has safely managed to use the root account for decades, I've actually grown to like the sudo approach on those systems where it is used. Having to think a little extra, and include a few more characters, before issuing administrative commands isn't that bad an idea, and the cached authorization is nice when switching among accounts other than root. It isn't really that often that you need to execute a whole lot of commands all of which need such access.

And if I really want it the old way, sudo with "-i" or "-s" isn't much different than a plain "su".

– David

One reason it could be a good idea to lock the root account is that it's easily guessable. Every Linux box has an account named "root". It's an easy target for script kiddies. Sure, you can disable root login from SSH. But not allowing anybody to log in as root (even from the console, in case somebody steals your Lish key) arguably makes for an additional layer of security.

Eh hybinet's argument is probably the best, I still use sudo -i all the time since the only time I ssh in is to edit a configuration file or restart which all require root access.

Never use visudo on Ubuntu. Use sudo. It's that simple. Use it only when you need to.

@jebblue:

Never use visudo on Ubuntu. Use sudo.

Huh? :roll:

It is quite ironic that you disable the root account and grant ALL permissions to the newly created shell account.

I doubt that it would be that much difficult to get a root shell when you have a shell account with all permissions.

What is the point?

I think the point is 1) script kiddies don't know your username (shouldn't be a problem anyway but for novices better safe than sorry, 2) It makes you think before you do that rm -rf / ;)

The first would hardly be a problem as you yourself have mentioned. As for the second point…well, I'd be shooting myself in the head if I did that. I know that it isn't impossible; I have nearly done that on a developmental server before in a moment of cheekiness.

Then again, some practices never die. :roll:

Aye, sudo's really more useful for 1) tracking who does what and 2) restricting what people can do, of course in a single user environment this is pointless. And yes I have rm -rf / once before by accident (and a few times for fun)

It would be relatively funny if someone did sudo rm -rf / by accident and still allowed it to go through (double carelessness, anyone?).

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct