[solved] Octopi - root password - no more root password

My teacher told me to always disable root and give it no password so i did.
*passwd -l root
*in `/etc/shadow --> root:!:12345::::::

The problem is now i can't use Octopi anymore because it asks for the root password when installing new software.

Error message:
permission denied.
Possibly incorrect password, please try again.
On some systems, you need to be in a special group (often: wheel) to use this program

My questions are:

  1. Do i need to re-enable root and set a password?
  2. Can i leave root password-less and change Octopi so it won't ask for the root password?

Manjaro is based on arch, by default we use a root account, and set a password. The installer (calamares) asks for a root password in the user creation dialog. However, it also has a setting (check box) to have it use the same password as the user account it creates.

To disable root like Ubuntu does, you need to follow the arch wiki:
https://wiki.archlinux.org/index.php/Sudo#Disable_root_login

Make sure your using sudo and not su by default in octopi's setting and,or the kdesu setting.

1 Like

That is very bad advice. It's an Ubuntu'ism. It is safe ─ and in my personal opinion, even recommended ─ to disable direct root logins, but only on the condition that one's account is a member of the wheel group, and this condition should be verified first.

Once you are certain that your account is in the wheel group ─ so that you can become root with the command...

su -

─ you can proceed with the safest way to prevent root from logging in directly, i.e. to first make a backup copy of the file /etc/securetty and to then issue the following command (as root):

echo > /etc/securetty

This will truncate the file, i.e. empty it.

Yes. But you'll need to do it from a live medium and inside a chroot environment

mkdir /repair
mount -t auto /dev/whatever-the-root-device-is /repair
chroot /repair /bin/bash
passwd
sync && exit

I don't know whether that is possible, but someone else might be able to shed more light on that. :slight_smile:

Did you ever read the arch wiki, or study up on how su, sudo works?
Your advise is more of a hack, and not really all that secure.
Your only disabling terminal logins.
There are other ways to log in and,or gain access using the root account.

1 Like

I just gave root a new password and i can use octopi again.

In Class we use Ubuntu, Centos and Debian. I'm new to arch and Manjaro. I did use the commands you supplied in your reply must have been to hasty.

I'm gonna leave root disabled but give it a password.

You can't actually disable root, per say.
All you did in the first place was to disable the root users password.
If you gave root a password, you re-enabled root.

Okay , thank you very much for the replies.

By the way, it's much simpler to use one, or both (if paranoid) the following commands:
To disable (aka remove) the root password: sudo passwd -d root.
To lock the root account: sudo passwd -l root.

I know how su works, thank you very much. I've only been exclusively using GNU/Linux for 20 years. :roll_eyes:

As for having read the Arch wiki, I have only been using Manjaro for just over a week now, so I haven't exactly had either the time or the inclination to study each and every article in the wiki of another distribution that just so happens to be the upstream of this one here. I sincerely apologize for this discrepancy, but I've got two forums to run and I do also still have a life away from the computer screen.

Furthermore, as per your own description, the Arch method would be akin to the Ubuntu method, and I've already said that was bad advice. Either one gives a user full root privileges with sudo but on the condition that the user must enter the target account's password, or one only gives the user a restricted subset of root privileges whereby it is sufficient for the user to supply their own password. Ubuntu gives the user full root privileges while requiring only their own password, which means that if the user's account gets compromised, the attacker has full root access.

Now, I don't know whether that is the advice given in the Arch wiki, but it's what you seemed to be suggesting. Like I said, I've got more important things to do with my time right now.

I know it's a hack, but it's a very old one from the UNIX world, and I would be interested in learning why it's not secure.

Of course, if one runs an ssh server, then one must also prevent root logins there, as well as in any of the web-based administration utilities that one would be running on one's machine ─ e.g. webmin. But none of those things are enabled in Manjaro out-of-the-box, and the OP identifies as a newbie, so I doubt whether they would have set up openssh-server or webmin.

I agree with you, for the most part. I disagree the old unix way is any more secure. After all, to compromise the root account all you need is the password, to compromise a user account you need both the users login, as well as their password.

But for a normal non-technical users. especially ones new to the Linix world, we need to keep things as simple as possible.

I too have been using Linux for a very long time, since 1995, and unix (Minux, BSD, AIX, and HPUX) for even longer. I've also been using Manjaro since about it's creation (version 0.1.2).

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by