Mailinglist Archive: opensuse (3351 mails)

< Previous Next >
Re: [opensuse] Root's password
  • From: Bill Anderson <bill@xxxxxxxxxxxxxxxxx>
  • Date: Mon, 19 Mar 2007 12:14:37 -0600
  • Message-id: <45FED30D.9090409@xxxxxxxxxxxxxxxxx>

James Knott wrote:
Dave Cotton wrote:
On Mon, 2007-03-19 at 12:42 -0400, James Knott wrote:
Dave Cotton wrote:
On Mon, 2007-03-19 at 10:00 -0400, James Knott wrote:
Enter the passwd command. You will then be prompted for the old password etc.
Are you sure?


Yes.

The please type passwd when logged in as root and see what happens,
because you will not be asked for the old password.

see below

/home/dave # passwd
Changing password for root.
New Password: Reenter New Password: Password changed.

Sure now?

Curious. It asks for the old password, when changing as a user, but not when as root. That means that if someone finds an open root session, they can change the password!

Not really curious, as root has the ability to edit the /etc/shadow file. Or, create a new account with an account id of 0. Root can change anyone's password, without knowing the password. Without that capability, how could a system administrator correct forgotten password situations.

Bill Anderson
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >