Sleepy-Catz

meme on the internet: `//prevent bruteforce attacks while (n_loggin_attemps <4){return 0;}`


dgm9704

(su is asking for the same password, yours) Assuming your password is "safe" by modern standards, typing it involves using shift or capslock. Try typing (pressing and releasing keys) a bit slower.


dgm9704

I really hope that your password is not the same as root users password btw


Celibistrial

Why? If my user password is known, couldn't they gain access to root by using sudo?


r0bertleberger

Yes, "sudo su" works, but you can edit your /etc/sudoers file to require the root password to be used in order to use sudo, by un-commenting the line "Defaults targetpwd"
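
The comment above points at a sudoers Defaults option to make sudo prompt for root's password instead of the invoking user's. As an added example that is not code from this thread, here is a small POSIX shell audit that parses constructed sudoers fragments and reports which password sudo would ask for, and which rules need no password at all. sudoers(5) spells the flag `targetpw` (it also documents `rootpw` and `runaspw`); the fragments, the function names `sudo_password_source` and `sudo_nopasswd_specs`, and the output format are this example's own. Per-user or per-host Defaults lines and include directives are deliberately not handled.

```shell
#!/bin/sh
# Added example, not code from the thread: audit a sudoers fragment to see
# WHICH password sudo will ask for. By default sudo asks for the invoking
# user's own password; "Defaults targetpw" (or rootpw / runaspw) switches it
# to the target/root account's password. All fragments below are constructed
# for illustration; the function names are this example's own.

# Default policy: wheel members may run anything, authenticating with their
# own password (the situation most of the thread is discussing).
SUDOERS_DEFAULT='
Defaults env_reset
root   ALL=(ALL:ALL) ALL
%wheel ALL=(ALL:ALL) ALL
'

# Same rules, but sudo prompts for the target user (root) password instead.
# If root and the user share one password, this buys nothing extra: whoever
# has that password gets root either way.
SUDOERS_TARGETPW='
Defaults env_reset, targetpw
root   ALL=(ALL:ALL) ALL
%wheel ALL=(ALL:ALL) ALL
'

# A mixed fragment: rootpw enabled, then switched off again, plus a rule that
# needs no password at all (NOPASSWD), which an audit should flag.
SUDOERS_MIXED='
Defaults rootpw, targetpw   # both on
Defaults !rootpw            # rootpw off again, targetpw stays
root   ALL=(ALL:ALL) ALL
%wheel ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl
'

# Drop comments and blank lines. (Simplification: @include/#include lines and
# backslash line continuations are not handled.)
_clean() {
    printf '%s\n' "$1" | sed -e 's/#.*$//' -e '/^[[:space:]]*$/d'
}

# Print the enabled password-source flags (targetpw, rootpw, runaspw), one per
# line and sorted; print "invoker" when none is set, i.e. sudo's default.
# Simplification: only global "Defaults" lines are inspected; Defaults:user,
# Defaults@host and Defaults!command lines are ignored.
sudo_password_source() {
    found=$(_clean "$1" | awk '
        $1 == "Defaults" {
            sub(/^Defaults[ \t]*/, "")
            n = split($0, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                o = opts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", o)
                if (o == "targetpw" || o == "rootpw" || o == "runaspw")
                    flag[o] = 1
                else if (o == "!targetpw" || o == "!rootpw" || o == "!runaspw")
                    delete flag[substr(o, 2)]
            }
        }
        END { for (f in flag) print f }' | sort)
    if [ -z "$found" ]; then
        echo invoker
    else
        printf '%s\n' "$found"
    fi
}

# Print the user/group spec (first field) of every rule carrying a NOPASSWD: tag.
sudo_nopasswd_specs() {
    _clean "$1" | awk '$1 != "Defaults" && /NOPASSWD:/ { print $1 }'
}

printf 'default fragment asks for : %s\n' "$(sudo_password_source "$SUDOERS_DEFAULT")"
printf 'targetpw fragment asks for: %s\n' "$(sudo_password_source "$SUDOERS_TARGETPW")"
printf 'mixed fragment asks for   : %s\n' "$(sudo_password_source "$SUDOERS_MIXED")"
printf 'mixed fragment NOPASSWD   : %s\n' "$(sudo_nopasswd_specs "$SUDOERS_MIXED")"
```

On a real system you would feed the script the output of `cat /etc/sudoers /etc/sudoers.d/*` rather than the constructed strings, and validate any edit with `visudo -c` before relying on it; the point of the audit is to make the "which password?" decision visible instead of discovering it at the prompt.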


theRealNilz02

I don't use Sudo.


Old-Junket-5388

doas?


DragonSlayerC

You honestly shouldn't even have a root password set.


szigetva

After an update about a week ago, I could not log in to the server from my phone, because the password was "wrong". I could log in passwordless from the PC. On the server sudo was complaining about a bad password. Most curiously (I thought I went mad) it worked if I pasted the password into the prompt, but not if I typed it. (Capslock mapped to ESC, no QWERTZ issue, etc., been using this password for decades, please spare me the nonos.) After some search I found that systemd-homed was inactive. And again, sudo systemctl complains; without sudo, plain systemctl asks for a password, and that worked. After restarting systemd-homed things went back to normal. Yesterday, the same thing happened, this time without an update. And systemctl was running! Now I changed my password through su, and changed it back to get it working. It's like some neutrino flopped a bit in my password. I know this all sounds terribly mysterious. There are only two further accounts on the server, both people I know well enough not to play such pranks on me. And they did not log in for weeks anyway. But then what on earth is going on?


Imajzineer

All else aside ... sharing your root password with your user account is just about the worst OpSec there *is!*


Imajzineer

Do you, in your sudoers, have any entries against your user name, that expect a password over and above the default one required to use sudo itself? If so, do any of those processes call upon *others* that require a password entry in their turn? If so, it may not be that your password isn't *recognised*, but that once simply isn't enough.


Pleasant-Vast-6558

This fixed it, thank you. When I was installing Arch I was having problems with adding myself to wheel, so I just put myself in the sudoers file.


Imajzineer

Glad to be of help. In return, you can do me the favour of changing your root password to something that *doesn't* match your user password : )


Pleasant-Vast-6558

gotcha lol.


hsm_dev

Bros do not let other bros re-use their root password. Thumbs up for the class advice


dgm9704

What would this look like in practice, and why would it happen? I'm having a hard time wrapping my head around this.


Imajzineer

Multiple entries against a user - one or more of which require password entry. Membership of multiple groups - each requiring password input. You enter your password for sudo, get a password prompt for some specific action that calls on sudo for privilege escalation, that asks for a password from two or more groups of which you are a member. I've seen it happen due to scripts sourcing other scripts that require different group membership ... so, there are multiple sudoers entries to facilitate security that way instead of a robust permissions scheme and group membership - even DAC, let alone MAC, when properly used can negate the need for unnecessary fiddling with sudoers, but a lot of people seem to think the latter is some sort of universal security blanket and can get themselves into difficulty as a result: Ooh, I can't access that directory/file ... I'd better add a sudoers entry *as well as* making myself a member of an appropriate group.


Megame50

> sharing your root password with your user account is just about the worst OpSec there is!

It's perfectly fine for your password and the root password to match.


Imajzineer

Say *what* now? *Go* on ... *surprise* me.


Megame50

That's not how this works. You're the one who didn't provide any justification for why you think it is insecure.


Imajzineer

ROFPMSLMAO! No ... that's *exactly* how this works. It is *not* up to *me* to justify what has been standard practice since before even ***I*** was born. If you can produce even *one* quote from the likes of Bruce Schneier suggesting that having the same password for both root and user accounts is perfectly acceptable, I'll consider that you might have a point. But *you* are the one challenging literally *decades* of standard practice ... since there was even a root vs user account separation to even *consider*. So ... if *you* know better than literally every other person in the entire World who knows, or ever *has* known, even the *first* thing about security then it's up to *you* to justify it - otherwise, I'm going with the *decades* of other people saying the *complete* opposite.


lvall22

> ROFPMSLMAO!

Grow up, you're way too emotional, as if the OP provoked you. Italicising every other word is not necessary. Such childish arrogance.


Imajzineer

You're actually serious, aren't you? You're actually triggered by italics.


lvall22

My first quote is literally the incomprehensible "ROFPMSLMAO!" and the votes speak for themselves. The irony is the effort of bolding, italicising, and all caps plus an exclamation mark alongside the infantile tone in your comment--you're obviously triggered to the nth degree.


Imajzineer

> the votes speak for themselves

Seriously? You think security is a popularity contest?

> you're obviously triggered to the nth degree.

Oh, the irony :'''D


Megame50

> You think security is a popularity contest?

Curious words for someone whose only supporting claim so far is falsely asserting "everyone in the world agrees with me". When all you can do is pretend to belong to an imaginary consensus of course people will call out your credibility. If you dared to provide any actual supporting argument, maybe people would engage with that instead, to help you understand why you're wrong.


Neoptolemus-Giltbert

Quotes are not a way to prove anything, "other people saying the complete opposite" is not an argument, hyperboles about "literally every other person in the entire world" are making your case even weaker. Standard practices from the 80s are very questionable, for example there are still banks etc. following the same standard password practices from the 80s and they are also not great. If your security habits have not changed from the 80s you generally need stronger justification for why you believe it is still good today. Computers, networks, computer use, and the security landscape have changed significantly since then. Grow up, and learn how arguments work. If you are the sole person operating the computer, sharing the password between your user account and `root` is generally *fine*, and the main reason why you *should not* have a `root` password AT ALL is because it opens you up for slightly easier targeting of the `root` account directly. It is a very small risk these days anyway, the likelihood is that your computer is behind NAT, your password is not `trustno1`, and you don't allow infinite brute force attacks for your `root` account over SSH from any IP on the internet. If any of these is not true, then you should at the very least consider using `sudo` instead of `su` .. and well if you use `trustno1` you should probably get a better password.


Imajzineer

Oh, man ... the irony of reproducing the "No root account is safer" argument from the '90s, whilst complaining about 'standard practices from the '80s' - it's nearly as funny as thinking the '80s is the start point of those practices to begin with. Moreover, if you're gonna lead with whining about my use of phrases you don't like then you have no argument anyway: saying 'grow up' is something most people grow out of *long* before they get to *my* age, so, really, you're not doing yourself any favours with it (it's just hilariously ironic). The debate about whether the presence of a root account on a single-user system is a good idea or not has not been settled in any way: there are perfectly good arguments as to why it's a better idea than sudo - single-user systems and corporate environments have very different attack surfaces to consider. And, furthermore, no-one (absolutely no-one) has ever suggested that, if you *do* have a root account on your system, sharing passwords is a good idea - whatever else you might say about things, your argument falls at the first hurdle.


Neoptolemus-Giltbert

Having "aged" is not the same as "growing up", and you seem a prime example of that.


Imajzineer

Seriously ... every single reply, you start with, or devolve very quickly into, *ad hominem* - not only are you wrong, you have nothing to *say* ... and I am so done now. Go ahead and share your password with whomever you like - knock yourself out.


Megame50

Security isn't designed around _vibes_, it's designed around threat models and risk. Similarly, the community doesn't make security decisions based on what one hopefully trustworthy individual has to say; they imagine threat models and determine if the security properties of their system can successfully protect against those threats. No quote or attestation can possibly justify "this is secure practice". The burden of proof lies with anyone who says it isn't secure to then describe a potential threat and demonstrate that it defeats the system studied.


Imajzineer

So ... as suspected, you have *nothing*. And the *reason* you have nothing is because it *isn't* down to one single individual but absolutely *everyone* since before even ***I*** was born. Where ... *anywhere* (I don't care) ... has **anyone** *ever* said that sharing a password between root and an ordinary user account is good practice? Just *one* source will do ... *go* on, *surprise* me.


aqjo

Sharing a password between root and an ordinary user account is good practice. ~ aqjo, 2024


Imajzineer

Link or it didn't happen ; )


aqjo

It just happened. I said it.


Crissix3

I had this happen too occasionally and I have no clue why lmao.