Linux – Why is the root password on Linux Mint the user password

linux-mintpasswdpasswordroot

I did a fresh install of Linux Mint 18.1 and created a single user named "jack" with PASSWORD1 as the password. Later, I changed the password (using the "Users and Groups" graphical dialog) to PASSWORD2. Both logging in and using sudo now require PASSWORD2, as expected.

However, PASSWORD1 is still the password for the account root. I can tell because su - and su - root reject PASSWORD2 but accept PASSWORD1.

Isn't this a security flaw? Why did the root account silently copy my user password in the first place? If I knew my password was compromised and changed it, I wouldn't think to check that the root account was still using the compromised password.

In fact, I thought the root account was disabled on Linux Mint by default. See this question for instance: https://superuser.com/questions/323317/why-does-linux-ubuntu-mint-lack-a-root-account

Any reason not to disable the root account using sudo passwd -l root? Why wasn't this done by default?

Edits

@terdon I am fairly sure that I never ran sudo passwd or even plain passwd on this operating system.

@Mark I checked and the only thing that comes back doesn't look relevant.

jack@gamma /var/log $ ls auth.log*
auth.log  auth.log.1  auth.log.2.gz  auth.log.3.gz  auth.log.4.gz

jack@gamma /var/log $ zgrep passwd auth.log*
auth.log.2.gz:Mar  9 17:56:07 gamma mdm[1695]: pam_succeed_if(mdm:auth): requirement "user ingroup nopasswdlogin" not met by user "jack"

jack@gamma /var/log $ zgrep "password changed" auth.log*
# nothing returned

Edit:
I have filed a bug report with Linux Mint
https://bugs.launchpad.net/linuxmint/+bug/1675575

Now that @Roger Lipscombe has confirmed this issue, I am going to add a bounty to the question.

Best Answer

Mint 17.3

This looks like a deliberate decision in Linux Mint. I just freshly installed Mint 17.3 on a VM, and the root account has a password set in /etc/shadow. After changing my user password, su - accepts my previous user password.

I can't (yet) explain why though.

Mint 18.3

I've just done a fresh install of Mint 18.3, and I don't have a password set for my root account. sudo grep root /etc/shadow shows ! in the password field, which means that the account is locked.

Related Solutions

Why user and root passwords cannot be empty on Linux

You can have users without passwords. It's just a very frowned upon practice.
The low level tools like passwd support it (passwd -d to make a password empty). But the high level friendly tools that are provided by the distribution are generally what don't allow it.

Linux – change root password back to user password

sudo by default asks for the calling user's password, but it can be configured to ask for either the password if root or the target user (which is also usually root).

The relevant configuration line would be Defaults rootpw or Defaults runaspw in /etc/sudoers, those would match the behaviour you describe. Removing them would reset the default behaviour. You should probably use visudo to edit the configuration file.

manual:

 rootpw            If set, sudo will prompt for the root password instead of the
                   password of the invoking user when running a command or edit‐
                   ing a file.  This flag is off by default.

 runaspw           If set, sudo will prompt for the password of the user defined
                   by the runas_default option (defaults to root) instead of the
                   password of the invoking user when running a command or edit‐
                   ing a file.  This flag is off by default.

If that was what sudo was configured to do, it means you have a password set for root, and the password can still be used to log in as root or change to root using su (not sudo). To disable/lock the password, you'd need to use e.g. that sudo passwd -dl root. The command is passwd, not password, for the same reasons all the other commands are so short. -d there deletes the old password hash, and -l adds a ! to lock the hash so that it's unusable.

This doesn't actually lock the whole account, it only makes the password unusable. You could still log in as root via SSH keys or such, but you probably have none installed.