• Free console login as root ???


    Hi.

    Reading ‘What’s Been the Best Linux Distro of 2014?’ on slashdot i noticed a comment about AUR being unsecure.
    So i promptly installed rkhunter and same time start searching internet about Arch security.

    I found Security on Arch wiki, Denying console login as root [url:1qt2ka4g]https://wiki.archlinux.org/index.php/Security#Denying_console_login_as_root[/url:1qt2ka4g]

    I was really surprised when hitting ALT+F1 and writing root at login prompt, there i was loged in as root without password.
    I think this been possible for me before only on LiveCD’s.

    Ok, i haven’t read all the manual and wiki’s about installing, but i see this as security issue if this i default on clean installs.

    Well never again on my machine’s sir!

    #
    # /etc/securetty
    #
    console
    #tty1

  • Hi.

    Reading ‘What’s Been the Best Linux Distro of 2014?’ on slashdot i noticed a comment about AUR being unsecure.
    So i promptly installed rkhunter and same time start searching internet about Arch security.

    I found Security on Arch wiki, Denying console login as root [url:1qt2ka4g]https://wiki.archlinux.org/index.php/Security#Denying_console_login_as_root[/url:1qt2ka4g]

    I was really surprised when hitting ALT+F1 and writing root at login prompt, there i was loged in as root without password.
    I think this been possible for me before only on LiveCD’s.

    Ok, i haven’t read all the manual and wiki’s about installing, but i see this as security issue if this i default on clean installs.

    Well never again on my machine’s sir!

    #
    # /etc/securetty
    #
    console
    #tty1

  • Did you remove your root password? The root account is password protected by default for all installations.

    Best Regards,

  • Thanks for the reply.

    I checked and there were no password for root in the shadow file.
    So probably i have removed the password, though i cant remember it. I installed Antergos 3-4 months ago.

    I have get so used to sudo and so i haven’t thought about the root account.

    I changed the roots shell to nologin in /etc/passwd
    root:x:0:0:root:/root:/usr/bin/nologin

    Good if it was at my side only :) I really have liked my first year with Arch Linux.

    And thanks again !

    -membend

Posts 4Views 2055
Log in to reply