Set a default root password.
This will prevent root login with an empty password on a fresh Arch Linux installation.

This is only about the default behaviour; you could restore the previous one by running `passwd -d root'. Please note, this is not recommended and behaves inconsistently between applications.

We use a trick in the shadow file to set a default password which never allows login by using this password. The special value '*' is used in the shadow file. We don't use '!', '!!', '!*' on purpose. The special '!' char, which should mean password locked (and not account locked) is interpreted by some applications (e.g. sshd) as an account locked and will prevent root login.

This change was suggested by Lennart Poettering and Zbigniew Jedrzejewski-Szmek to security@archlinux.org.

git-svn-id: file:///srv/repos/svn-packages/svn@382685 eb2447ed-0c53-47e4-bac8-5bc4a241df78
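An audit check for the shadow field states the commit message distinguishes, as an added example that is not part of the commit or of any Arch package. The function names, the labels they print and the sample entries are assumptions made for illustration; the `$` prefix test relies on the usual crypt(3) hash format.

```shell
#!/bin/sh
# Classify the password field (second colon-separated field) of a shadow(5) entry.
classify_shadow_field() {
    case "$1" in
        '')   echo "empty-password" ;;     # login succeeds without a password
        '*')  echo "no-valid-password" ;;  # no password can ever match this value
        '!'*) echo "bang-marker" ;;        # '!', '!!', '!*': some applications
                                           # (e.g. sshd) read this as account locked
        '$'*) echo "hashed-password" ;;    # crypt(3)-style hash
        *)    echo "other" ;;
    esac
}

# Read shadow-format text on stdin and print the classification for user $1.
audit_user() {
    user=$1
    while IFS=: read -r name field rest; do
        [ "$name" = "$user" ] || continue
        classify_shadow_field "$field"
        return 0
    done
    echo "missing"
    return 1
}

# Constructed sample entries (not taken from a real system).
SAMPLE_SHADOW='root:*:14871::::::
legacy::14871::::::
svc:!:14871::::::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::'

# Report every sample account; on a live host, feed /etc/shadow to audit_user as root.
for u in root legacy svc alice; do
    printf '%s: %s\n' "$u" "$(printf '%s\n' "$SAMPLE_SHADOW" | audit_user "$u")"
done
```

An account reported as `empty-password` is the case the new default removes for root; `bang-marker` is the value the commit avoids on purpose.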
0320c90
@seblu A change like this deserves an update to the wiki page (and possibly the "manual intervention step" news feed for the many people who have installation scripts, although this is just wishful thinking on my part) so that it's clear that it's a mandatory step unless you created a sudo-enabled user. Otherwise setting a root password isn't strictly necessary. But failing to mention or warn (especially new users) that this is a required step can cause many hours of debugging and wondering why nothing is working when trying to log in with root, because of the "I never set a root password? Is there a default one? Why isn't this working?" scenario.
It's a good change, and a welcome one. But the information going out was very relaxed.
0320c90
I'll also add that the sudo section of the wiki strongly warns that you can lock yourself out. This is now default behavior without any such warnings. (Again, talking about the relaxed nature of the installation guide failing to mention this with the same dignity as the sudo section does.)