Debian – How to remove root password on Debian

debianpasswordroot

I'm running Debian in a virtual machine and for convenience I would like to remove the password on root (since it doesn't really matter what happens to this box). Internet hasn't been too helpful on this one, which I suppose is OK because this is not normally something you'd want to do!

I tried passwd -d root, but su won't accept the empty password. I assume there is some sort of PAM policy blocking me, but I haven't been able to find a working solution. Any help appreciated!

(Just to clarify: I don't want to always run as root. I'd like a little bit of accident proofing in case I spaz out and rm -rf /. Just, when I'm ready to run as root, I don't want to be second guessed.)

Edit: I also know about the sudoers hack. I'm just curious to find out what in Debian is blocking this.

Best Answer

I totally agree this is a bad thing to do. But it can be done in debian by doing as you have done passwd -d root to clear the password then editing /etc/pam.d/common-auth. Find the pam_unix.so line and add nullok to the end if its not there or change nullok_secure to be just nullok if yours says nullok_secure.

This works on Debian Wheezy (and Squeeze).

Related Solutions

Another account with same uid as root gets prompted to set new password for root, not itself

If two accounts have the same user ID, then by definition they are the same account. It is possible, but not recommended, to have more than one line in /etc/passwd (or other user database) with the same user ID; they are the same user, with different ways to log in.

You were using an unsupported feature. The risk of using an unsupported feature is that it sometimes breaks when the system is upgraded.

Expiring password is usually bad for security, as it causes users to choose weaker passwords or write them down on a post-it note stuck to the monitor. The only security benefit to expiring passwords is to eventually lock out abandonned accounts. Since the abc account is presumably one that you use as part of some kind of regular task, don't expire it.

You should probably change this setup, as it's fragile. What to change it do depends on what you use the abc account for (who has the password, in what circumstances it's used, what's abc's shell, is it present on multiple machines, …).

Debian package naming convention

My understanding is that you want to distribute/deploy a package to multiple Debian based distributions.

In the Debian/Ubuntu world, you should not provide individual .deb file to download and install. Instead you should provide an APT repository. (in the Fedora/Red Hat/CentOS world I would make a similar advice to provide a YUM repository). Not only does is solves issue of how to name deb file, but repository is an effective way to provide newer version of your package, including bug-fix and security updates. Creating an APT repository is beyond the purpose of this page/question, just search for "how to setup an apt repository"

Now back to your question: "package naming convention":

When you generate the package with dpkg-buildpackage, the package will be named in a standard way. Quoting dpkg-name manpage:

A full package name consists of package_version_architecture.package-type as specified in the control file of the package.

package_version_architecture.package-type

The Debian Policy is the right place to know the syntax of the control files: name (for both Source and binary packages), version, architecture, package-type.

There is no provision to state the distribution, because this is not how the way thing goes.

If you need to compile the same version of a package for multiple distributions, you will change the version field (in the debian/changelog and debian/control file). Some people use the distribution name in the version field. for example openssl:

0.9.8o-4squeeze14 
1.0.1e-2+deb7u14
1.0.1k-1

If that's what you want to do, make sure to read debian-policy about debian_revision in version.

Best Answer

Related Solutions

Another account with same uid as root gets prompted to set new password for root, not itself

Debian package naming convention

Related Question