What is the root password for Debian downloaded from Element 14?

My limited understanding of Linux administration is that you don't want to have a root password, as it leaves Linux horribly vunerable if anyone guesses it.  Instead, you have users such as "pi" who are allowed temporary superuser powers using the "sudo" command.  For example, if you do not have the right to rename a file using "mv old-name new-name", you can instead enter "sudo mv old-name new-name".  If you have administrator privileges, Linux will ask for your password and let you be a superuser for just that command.  Try "man sudo" for more information.

OK, seek and you shall find.

Used sudo passwd root to set password.

Thanks to those who had previously answered this query.

Thank-you.

John Beetem wrote:

 

My limited understanding of Linux administration is that you don't want to have a root password, as it leaves Linux horribly vunerable if anyone guesses it.

It's a matter of long-standing debate in the *nix sphere.  The proponents of sudo maintain that it slightly raises security and slightly reduces the risk of destroying the system, for novice system administrators.  The detractors of sudo maintain that these fractional changes in security and in risk are meaningless and a delusion, and if your security is based on that then you've already lost.

I don't have a strong opinion on it, because the pros/cons are not significant enough to merit debate.  YMMV.  Having used Unix since the earliest days when I'd get the source tapes from Bell Labs, I don't use sudo myself when working on back-end systems, but I do use it on front-end, public-facing systems to slightly reduce the potential for privilege escalation.  It's no panacea though, even there.

One thing's for sure, sudo is not a replacement for understanding, and even less for thinking.  Not thinking is always a mistake, and random typing will wreak havoc even when "protected" by sudo.

Morgaine.

Morgaine Dinova wrote:

 

John Beetem wrote:

 

My limited understanding of Linux administration is that you don't want to have a root password, as it leaves Linux horribly vunerable if anyone guesses it.

 

It's a matter of long-standing debate in the *nix sphere.  The proponents of sudo maintain that it slightly raises security and slightly reduces the risk of destroying the system, for novice system administrators.  The detractors of sudo maintain that these fractional changes in security and in risk are meaningless and a delusion, and if your security is based on that then you've already lost.

My (still limited) understanding is that one problem with "root" is that since every Unix machine has a user named "root", all you have to guess a password.  If it's forbidden to log in as root, you have to guess both a user name and its password, which is that much harder.

I personally like sudo, since I hate having to remember that I'm running as root and I like to have the computer protect me from my own human errors.  For the same reason, I use "copy" as an alias for "cp -ip" so that Unix asks me before I copy over a file, and the copy keeps the original file date.  This is also handy when I have to switch between Unix and Windows.

John Beetem wrote:

 

My (still limited) understanding is that one problem with "root" is that since every Unix machine has a user named "root", all you have to guess a password.  If it's forbidden to log in as root, you have to guess both a user name and its password, which is that much harder.

All usernames are visible in the world-readable /etc/passwd file in *nix.

Morgaine Dinova wrote:

 

John Beetem wrote:

 

My (still limited) understanding is that one problem with "root" is that since every Unix machine has a user named "root", all you have to guess a password.  If it's forbidden to log in as root, you have to guess both a user name and its password, which is that much harder.

 

All usernames are visible in the world-readable /etc/passwd file in *nix.

Well, I told you my Unix admin knowledge is limited.  So can anyone from anywhere log into any Unix machine as "guest" and cat /etc/passwd?  As long as only local guest logins are allowed that should help prevent many external attacks.

John Beetem wrote:

 

So can anyone from anywhere log into any Unix machine as "guest" and cat /etc/passwd?  As long as only local guest logins are allowed that should help prevent many external attacks.

Who can login, and from where, is decided by whoever configures the box.  In principle one can set up an account without any password (any username, not limited to just "guest"), but that would be rare except when the machine is only locally accessible by its owner.  Even then it's a questionable thing to do.  However, it's very common to set up no-password logins through ssh, as the login authorization is pre-authenticated with ssh-agent(1).

Once login has succeeded, that is when /etc/passwd is visible, and to everybody who is logged in, regardless of from where.  Its name is historical only, as it no longer carries the actually passwords.  However the usernames it contains are totally open to inspection, and are required for reverse lookup of userIDs.  For example, without that, an "ls -l" command would return numbers instead of names in the file ownership field.  (Likewise for group names, which are looked up in /etc/group.)

Morgaine.

I ran into this issue when Debian Linux was introduced on the BBB. Somewhere, and I can't remember where, someone mentioned entering the command "sudo su". It changes you to the root user and all inherent privileges. When you want to stop being a super user type "exit" and you will go back to the previous user. It even works when you are logged in remotely through a terminal emulator.

sudo -i has the same  function you are left as root at which point you can set your own password.

BTW there's no worries about  looking at /etc/passwd as the actual password hash is in /etc/shadow