root password

[liudr]

This is extremely noob question. I don't remember I was given a chance to set root password when I was setting up my Raspbian from downloaded image. I tried my pi account password and it didn't work. How do I get access to root account?

[rpdom]

The root password is disabled.

Use sudo as the pi user to run commands as root.

If you really want to become root for any length of time, use sudo -i, then exit (or Ctrl-D) to go back to the pi account.

[solar3000]

sudo passwd root

[yesyayen]

boot into runlevel 1 and you will get terminal with root access.

There you can change root's password

$ sudo init 1
//after booting into runlevel 1
$ passwd

[redhawk]

Or alternative sudo su can get you logged into root without the use of a password.

Richard S.

[rpdom]

Or alternative sudo su can get you logged into root without the use of a password.

Richard S.

Yep, that's pretty much the same as what "sudo -i" does

[Joe Schmoe]

Yep, that's pretty much the same as what "sudo -i" does...

Or "sudo bash" or "sudo csh" or "sudo rc" or ...

I.e., I think the point he was making was that you don't need to go into single user mode, as long as you can sudo (from the regular runlevel)

[liudr]

Great! Many thanks! I got a root terminal with sudo su. So if root has no password, then is the RPI vulnerable to attacks?!

[technion]

Nope. The root user password is not "empty", it's "disabled". The difference being that the root user can't be directly logged on unless you decide to give it a password. This is a more secure configuration than allowing direct logon as root.

[itimpi]

Probably the greatest security risk is that all Pi's start with the same username/password combination of pi/raspberry and many users probably do not reset the password to be something not generally unknown.

[liudr]

Thanks. Now everything makes sense. I'll just leave the root the way it was set up.

[Kloktek]

To access root account try one of these three commands.
Sudo su
Sudo passwd root
Sudowhoami

[weeowey]

(In a terminal window or prompt, type:

Code: Select all

sudo su

This lets you login as the 'Root' user on most or all Linux 'Distros'.
If you want to 'fully login' as root, like getting access to the "SYSTEM" account on windows, type in this in any terminal prompt or window:

Code: Select all

sudo su
startx

This will start the X Window System (aka X11) GUI(s) and will allow you to pretty much do anything without having to type in a password! You can even delete critical system files, SO BE CAREFUL!!!!

'Nuff said,
Hope this helps anyone in the near, past or distant future!


I'm new to Raspberry Pi, but i'm not new to linux! [Insert Linux Opensource ftw stuff here] and maybe leave feedback if you can

[Richard-TX]

The first things I do when I bring up a new RpI is:

- assign a root passwd
- disable the pi account (passwd -l pi)
- add my own account
- install ksh
-edit /etc/passwd so that all shells are ksh, not bash
- rename bash to bash.old
- link dash to bash
- chmod 0000 bash.old

[Richard-TX]

Nope. The root user password is not "empty", it's "disabled". The difference being that the root user can't be directly logged on unless you decide to give it a password. This is a more secure configuration than allowing direct logon as root.

That is debatable and is a statement I do not agree with.

[Joe Schmoe]

Nope. The root user password is not "empty", it's "disabled". The difference being that the root user can't be directly logged on unless you decide to give it a password. This is a more secure configuration than allowing direct logon as root.

That is debatable and is a statement I do not agree with.

Indeed. There is a tendency on forums in general and this forum in particular, to give out the canonical answer to these sorts of questions (generally, security-oriented) even though those canonical answers are often (as in this case) nonsense. It's as if people believe that something bad will happen to them if they don't give out the canonical answer.

BTW, I gather from your last post that you really, really, really, really, really, really, really, really, really, really, really, really, really, really, really, really, really, really, really, really, really, really, really, really, really, really, really, really, really, really don't like bash. Is that correct?

In fact, it could be said that you really, really, really, really, really like to bash bash.

[Richard-TX]

Bash is a problem so I deal with it by removing it from the system. If thine eye offends thee....

[DougieLawson]

Bash is a problem so I deal with it by removing it from the system. If thine eye offends thee....

Anyone who chooses to use the Korn shell has to be a bit "East Ham"[1] in my book.








[1] http://www.urbandictionary.com/define.php?term=East+Ham

[Joe Schmoe]

(Liked the "East Ham" reference)

When it comes to talking about shells, I think there are two things driving the anti-bash sentiment:

• 1) When ksh came out, it was such a vast improvement over it's predecessor (plain old, unusable-for-interactive-use sh), that it inspired a devoted following. Even though it is clunky and kludgey compared to modern shells (tcsh & bash), there are some people who swear by it (such as Richard-Tx) simply because it was such an improvement over what existed prior.
  2) The recent spate of "bash bugs" (shellshock, etc), which suggests that bash is too csh-like (that is, actually usable by normal people) to be considered acceptable by the elites.

HTH, HAND.

[pluggy]

Personally, I fail to see how giving root access without a password to an ordinary user (pi) as with the default setup is more secure than having a password on root.....

The default Ubuntu configuration makes more sense, where the users password has to be entered again to gain access to sudo. Stops somebody hijacking a machine that's been left logged on unattended.

[Joe Schmoe]

Personally, I fail to see how giving root access without a password to an ordinary user (pi) as with the default setup is more secure than having a password on root.....

Yes, I've stated this several times previously. It can't possibly be more "secure" by any sensible definition of that term.

I think the current (weird IMHO) situation in Raspian is driven by some or all of the following:

• 1) Wanting it to be easy for the newbie user (as few barriers as possible). Basically, get them in the habit of preceding every (system-y) command with the magic 4 letters s, u, d, and u, and then things will just work.
  2) Wanting it to be compatible with upstream Debian/Ubuntu, which has, like it or not, drunk the sudo KoolAid. (Incidentally, ditto this comment for Jessie/systemd, which is going to be another disaster for the Pi support staff [that's us!])
  3) Wanting it to be as difficult as possible to run GUI apps as root (for "security" reasons).

[Tball2]

Hey guys. How do i SSH into a root account. I want to be able to transfer files into /etc/ but I cannot because you need root to do so. Any help is appreciated. Thanks

[nl3prc]

just go to /etc/ssh/sshd_config change the line as below
PermitRootLogin yes

[mfa298]

Hey guys. How do i SSH into a root account. I want to be able to transfer files into /etc/ but I cannot because you need root to do so. Any help is appreciated. Thanks

just go to /etc/ssh/sshd_config change the line as below
PermitRootLogin yes

The better option is to stick an ssh key into /root/.ssh/authorized_keys and set the PermitRootLogin setting to without-password. This means you can only log in externally as root with a valid ssh key. For added security you can specify in /root/.ssh/authorized_keys where the key can be used from and what commands it can run.

An alternate option could be done with ssh rather than scp and doesn't need a root login, e.g. something like (not tested)

Code: Select all

tar cf - etc-pi | ssh pi@raspberrypi "sudo tar -C /etc -xf - "

this will tar up the contents of etc-pi on the local system and stream it to stdout, the stdout is piped into an ssh session that runs extracts the tar stream as root on the pi. There's probably a couple of mistakes in there so test it carefully first.

[djx21]

If you give yourself root access by typing

Code: Select all

sudo visudo 

Then going down to # User privilege specification you can copy this

Code: Select all

root    ALL=(ALL:ALL) ALL

And change root to your username Ex. pi ALL=(ALL:ALL) ALL You can then save the document and clear the screen. After the document is saved type

Code: Select all

sudo passwd root

And choose the password you are willing to use for the root account. Finally log out of your account and log in as other. user name:root Password: the password you chose and voila your on the root account.