jecxjo
Posts: 158
Joined: Sat May 19, 2012 5:22 pm
Location: Minneapolis, MN (USA)

Re: Changing root name on Pi

Fri Jun 15, 2012 4:11 pm

I agree with AndrewS, this is not a good idea. There are ways to get around your issue (setuid, password-less sudo, etc) but they all open you up to major security problems. With the Pi being so popular, the DDoS attack yesterday, you know crackers will be scanning the web to find these devices to add to their botnets.
xmpp: jecxjo@dukgo.com
Blog: http://jecxjo.motd.org/code

D.E.L.B.
Posts: 92
Joined: Sat Jun 09, 2012 7:16 pm
Location: Wales, UK

Re: Changing root name on Pi

Fri Jun 15, 2012 6:02 pm

Okay, best to leave it as it is!

Thanks.

jojopi
Posts: 3225
Joined: Tue Oct 11, 2011 8:38 pm

Re: Changing root name on Pi

Fri Jun 15, 2012 6:37 pm

jecxjo wrote:There are ways to get around your issue (setuid, password-less sudo, etc) but they all open you up to major security problems. With the Pi being so popular, the DDoS attack yesterday, you know crackers will be scanning the web to find these devices to add to their botnets.
This borders on scaremongering. Most RasPis will be behind a router or firewall, not directly on the internet (let alone the web). And if one was directly on the internet, the important things would be to change the default password and restrict the methods of access, not to tighten the security of sudo for valid local users.

Password-less sudo is the default in the Foundation's Debian images. You have persuaded someone to disable that convenience even though it was separate to their actual request to change user name.

bredman
Posts: 1415
Joined: Tue Jan 17, 2012 2:38 pm

Re: Changing root name on Pi

Sat Jun 16, 2012 10:15 am

It's just like the security warnings in Vista. They may be annoying but they are there for a good reason.

jecxjo
Posts: 158
Joined: Sat May 19, 2012 5:22 pm
Location: Minneapolis, MN (USA)

Re: Changing root name on Pi

Sun Jun 17, 2012 5:34 pm

jojopi wrote:
jecxjo wrote:There are ways to get around your issue (setuid, password-less sudo, etc) but they all open you up to major security problems. With the Pi being so popular, the DDoS attack yesterday, you know crackers will be scanning the web to find these devices to add to their botnets.
This borders on scaremongering. Most RasPis will be behind a router or firewall, not directly on the internet (let alone the web). And if one was directly on the internet, the important things would be to change the default password and restrict the methods of access, not to tighten the security of sudo for valid local users.

Password-less sudo is the default in the Foundation's Debian images. You have persuaded someone to disable that convenience even though it was separate to their actual request to change user name.
I can understand that these are cheap, throwaway, easily reformatted devices. So part of me agrees that setting up a super easy to use system is perfectly fine. But part of me thinks it's better to teach people how to work with real-world systems, to be more secure in their daily lives. This way they learn to do things correctly.

If everyone was ingrained with safe and proper computer use then every Windows box would be constantly up to date. Everyone would install a virus scanner and a firewall and have them configured and up to date before they got online. Most of the web-related issues we have would just go away. Maybe I'm wrong but if we get new users to start thinking about security then maybe we will never have the issues the Windows community has.

And really, is it that hard to use sudo and type in a password?
xmpp: jecxjo@dukgo.com
Blog: http://jecxjo.motd.org/code

jecxjo
Posts: 158
Joined: Sat May 19, 2012 5:22 pm
Location: Minneapolis, MN (USA)

Re: Changing root name on Pi

Sun Jun 17, 2012 10:41 pm

And yes I see this post got derailed. I assumed (which I shouldn't have) that the reason the user wanted to change the root username to his own initials was because he wanted to run as the "Administrator" like one would in Windows.

As for the Foundation's default setup... sorry, I just think it's bad practice to have a setup where gaining access to a user account automatically gets you root access.
xmpp: jecxjo@dukgo.com
Blog: http://jecxjo.motd.org/code
