Ubuntu – meant by “no password set” for root account (and others)

encryption, password, root, sudo

Several years back, we were more accustomed to changing to the root account using the su command. First, we switched to the root account, and then executed those root commands. Now we are more accustomed to using the sudo command.

But we know that the root account is there. We can readily find the home directory of user root.

$ ls -ld /root/
drwx------ 18 root root 4096 Oct 22 17:21 /root/

Now my point is, it is stated that "the root password in Ubuntu is left unset". Please see the answers to this question. Most of the answers have something to this effect in the first paragraph. One or two answers further state that "the account is left disabled".

Now my (primary) questions are,

  1. What is meant by an unset password? Is it blank? Is it null? Or something else more cryptic?
  2. How does the account become enabled once I set a password for it? (sudo passwd root)

In order to get a better understanding, I checked the /etc/shadow file. Since I have already set a password for the root account, I can no longer see what is there (encrypted password). So, I created another account and left it disabled. The corresponding entry in the /etc/shadow file is,

testpassword:!:16020:0:99999:7:::

Now perhaps my above queries need to be changed to, what does an ! in password field mean? Other encrypted passwords are those very long cryptic strings. How come this encrypted form is only one character long? And does an account become disabled if I put an ! in the (encrypted) password field?

Best Answer

What is meant by an unset password? Is it blank? Is it null? Or something else more cryptic?

It is just nonexistent. The root account is disabled by default, hence it doesn't need a password. So, what it most resembles is undefined (in JavaScript) or null (in other languages). It is just unset.

How does the account become enabled once I set a password for it?

Actually, setting the password is just part of it, but doesn't enable the account. You need to enable the account using:

sudo usermod -U root

and then set the password with passwd.

what does an ! in password field mean?

Extracted from man shadow:

A password field which starts with an exclamation mark means that the password is locked. The remaining characters on the line represent the password field before the password was locked.

It could mean that the account is locked. But also:

If the password field contains some string that is not a valid result of crypt(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means).

Either way, any account with ! can't log in with applications that use the shadow file.

How come this encrypted form is only one character long?

It is not encrypted. See above.

And does an account become disabled if I put an ! in the (encrypted) password field?

See above too.
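
The password-field states quoted from man shadow above, as an added example that is not part of the original question or answer: a small Python audit that classifies the second field of shadow-format lines. Apart from the question's testpassword entry, the sample lines are constructed, and the state labels and the hash-shape heuristic are assumptions made here.

```python
import re
from datetime import date, timedelta

# Constructed shadow-format lines; only the first is taken from the question.
SAMPLE_SHADOW = """\
testpassword:!:16020:0:99999:7:::
daemon:*:16020:0:99999:7:::
alice:$6$examplesalt$CONSTRUCTEDHASH:16020:0:99999:7:::
bob:!$6$examplesalt$CONSTRUCTEDHASH:16020:0:99999:7:::
guest::16020:0:99999:7:::
"""

# Heuristic (assumption): modular crypt format "$id$...$hash" or a
# 13-character traditional DES hash. It does not verify the hash itself.
CRYPT_RE = re.compile(r"^(\$[0-9A-Za-z-]+\$.+\$.+|[./0-9A-Za-z]{13})$")


def classify(field):
    """Map a shadow password field to one of five states (labels are ours)."""
    if field == "":
        return "empty"                 # shadow(5): no password required
    if field.startswith("!"):
        # Text after the "!" is the field as it was before locking.
        if CRYPT_RE.match(field.lstrip("!")):
            return "locked-hash-kept"  # unlocking restores the old password
        return "locked-no-password"    # what the question's entry shows
    if CRYPT_RE.match(field):
        return "password-set"
    return "no-valid-hash"             # e.g. "*": no unix password login


def audit(shadow_text):
    """Return (login, state, last_change_date) for each well-formed line."""
    rows = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) != 9:            # shadow(5) defines nine fields
            continue
        login, field, last_change = parts[0], parts[1], parts[2]
        # Field 3 counts days since 1970-01-01; it may be empty.
        changed = (date(1970, 1, 1) + timedelta(days=int(last_change))
                   if last_change.isdigit() else None)
        rows.append((login, classify(field), changed))
    return rows


if __name__ == "__main__":
    for login, state, changed in audit(SAMPLE_SHADOW):
        print(f"{login:14} {state:20} last change: {changed}")
```

When reviewing a real system, the "empty" state is the one to look for first, since shadow(5) says such an entry needs no password to authenticate.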
