Now, I know you’ll be wondering why you’d ever type what looks to the uninitiated like a random collection of letters, but the point is a serious one – by leaving the root account without a password, it would be possible to wipe your machine, without any prompting at all, by typing this one command. This is a bit contrived, as you need to (a) switch to the root account (sudo) and then (b) force silent removal (f), but if Asus had done the job properly, and made it possible for there to be a root password, rather than forcing sudo to run on boot, reliant on a NOPASSWD file, things would be far more secure, and also far safer…
(If you do want to use rm for removing things (and, let’s face it, it is useful), you might want to be on the safe side and use the i switch, which forces you to confirm each deletion, at least until you’re comfortable with what you are doing. The whole string would be rm -ir [file / directory name]. Although, of course, some would argue that you make the most mistakes when you are comfortable with something, as you can get a bit blasé…)
January 20, 2008 at 2:41 pm
I think you’ve fundamentally misunderstood both the root account and the sudo command.
Sudo has nothing to do with passwords on the root account. It’s a method of granting super-user privileges to an unprivileged account (hence the name – ‘Super-User DO’). This is normal for desktop distributions of Linux these days, and other unix systems like Mac OS X.
You could set any number of passwords on the root account and it would have no effect on the command you’ve told people not to run.
Further, the following things just don’t make sense:
‘forcing sudo to run on boot’ – sudo is a command, not a service. It runs when it’s called.
‘forcing sudo to run on boot’ – sudo uses a ‘sudoers’ file, which controls who can use sudo, what they can use it for, and if a password is required. In that file you can specify ‘NOPASSWD’ to say that the user doesn’t need to type their password – but even without that option they would not need the root password, just their own password.
I don’t have my hands on an Eee PC yet, so I can’t check how /etc/sudoers is out of the box, but using sudo instead of the root account is normal and considered safer than using root, and most ‘end-user’ distros don’t have passwords on the root account, and don’t allow users to log into them. If NOPASSWD is set in /etc/sudoers it makes it slightly less secure, but more convenient. In any case, it has no relation to the root user or the root password.
You sound like you’re new to Linux – one of the good things about the Eee PC is that it’s bringing Linux to new users, but it can be confusing for people that aren’t familiar with Linux sysadmin. It’s really important not to make things even more confusing – people with even less experience than you are going to read this and think that your explanation is a sensible one, when it’s not!
January 20, 2008 at 2:42 pm
Oops, that second ‘forcing sudo to run on boot’ should be ‘reliant on a NOPASSWD file’.
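An added example, not part of the original post or its comments: a small shell function that lists which rules in a sudoers file carry the NOPASSWD tag discussed above, and whether they cover all commands. The function name and the sample file contents are constructed for illustration; they are not the Eee PC's actual /etc/sudoers.

```shell
#!/bin/sh
# Constructed sample sudoers text (an assumption, not taken from any real machine).
SAMPLE_SUDOERS='# constructed sample
Defaults env_reset
root    ALL=(ALL) ALL
user    ALL=(ALL) NOPASSWD: ALL
%admin  ALL=(ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \
        /bin/tar
# olduser ALL=(ALL) NOPASSWD: ALL
'

# nopasswd_rules (hypothetical helper): reads sudoers text on stdin and prints
# "who<TAB>scope" for every rule tagged NOPASSWD. scope is "ALL" when any
# command may run without a password prompt, otherwise "limited".
# Limitation: include directives are treated as comments and not followed.
nopasswd_rules() {
    awk '
        # Join continuation lines (trailing backslash) into one logical line.
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { $0 = buf $0; buf = "" }
        # Skip blank lines, comments and Defaults settings.
        /^[ \t]*$/ || /^[ \t]*#/ || $1 ~ /^Defaults/ { next }
        /NOPASSWD:/ {
            cmds = $0
            sub(/.*NOPASSWD:[ \t]*/, "", cmds)   # keep only the command list
            scope = "limited"
            if (cmds ~ /^ALL[ \t]*$/ || cmds ~ /^ALL[ \t]*,/) scope = "ALL"
            print $1 "\t" scope
        }
    '
}

# Run against the constructed sample.
printf '%s' "$SAMPLE_SUDOERS" | nopasswd_rules
```

On a real machine the same function can be fed the file as root with `nopasswd_rules < /etc/sudoers`, and `sudo -l` shows the rules that apply to the current user.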
January 24, 2008 at 4:41 pm
Thanks for your comments