On 09-07-17, Anders Andersson wrote: > On Sun, Jul 9, 2017 at 12:51 AM, Fungi4All <fungil...@protonmail.com> wrote: > > > On Sat, 2017-07-08 at 23:57 +0200, Kaj Persson wrote: > > > > > But now I discovered an issue, I cannot manage my desktop. I have > > > always at the previous installations, and they are quite many now, been > > > advised to, for security reason, leave the root password unset, which > > causes > > > the root account go passive, and for all tasks where I need root > > > authority I go via su/sudo. > > > > > > It is a bad idea despite of what security gurus may advise. You may lose > > your system > > and never get it back. > > > > > It's an even worse idea to listen to people on the internet who ignore > "security gurus" based on rumours. You can easily restore or change the > root password if it's lost or unset.
Leaving root password unassigned for "security" reasons is silly. Heaving, or not heaving root account assigned does not make your system any more secure. For some things you do need root account. Those systems that use sudo only approach ( read Ubuntu and derivates ) have sulogin patched to allow single user mode, for example. And it is made so on Ubuntu out of fear that new users attracted to Linux will mess up things more if they have access to root account. Not that it stopped people to be people and to mess things up equally successful with sudo account. As for those "security gurus", who are they? Real gurus? Or just people repeating what they've read somewhere with little to no understanding what they've read?
