Interesting comment from Ken Mayer on my post about root passwords:
No one should ever use â€œrootâ€ for anything except single-user mode emergencies and initial configuration. Make it a long string of random characters and store it in a safe or encrypted on a secure hard drive. Make it unique for every box. Then forget about it.
I didn’t frame my post very clearly at all. In some organisations, it’s appropriate for people to know root passwords. Most of the time, you shouldn’t use them. You should use sudo. Why?
Sudo is your best friend.
Sudo allows you to grant access to ordinary users, without having hand out passwords. Passwords are a good start for establishing identity (authentication), but not so good for controlling access to shared resources (like the root account of your server). Something is only a secret if one person knows it. If two people know it, there’s no secret. Three, and your mom knows.
Using sudo to allow your systems administrators or otherwise anointed people to gain access to the root prompt (or even better, just run the commands they need to) means that they each keep their own secret – their own password, which they use to inform the sudo command that they are who they say they are.
I’ve been using sudo since I first compiled it in 1999. I don’t even remember the root password of my main server. I’ve also broken the config badly enough that I have locked myself out of some systems, so I don’t recommend this strategy.
Sudo is now built into Linux, and Mac OS X. Sun distribute it for Solaris, but not in the default install. Solaris ships with RBAC, which is their own very fine grained version of sudo. Sorry, Windows users. You don’t have much more than ‘Run As’, as far as I know.
So if you’re using still using the root password every day, you’re being a little Disco. Sudo was written in 1980. But it’s time is now.