Why is the root password on Linux Mint my user password?Verify password hash in bash script?Prevent root password change in ldap - debianWhy user and root passwords cannot be empty on Linux?Manjaro Linux — Can ONLY log in from root accountSolaris Prompting for old root password when changing root password with sudoroot password not working but can ssh via sudo user (centos)Linux Mint 18.1 Reset forgotten Admin password when I remember the root passwordCannot change linux passwordroot password not working when entering in Single-User ModeCannot reset root password via grubchange root password back to user password

How do electrons receive energy when a body is heated?

From an axiomatic set theoric approach why can we take uncountable unions?

Ballot RPC message

How is it possible to drive VGA displays at such high pixel clock frequencies?

Help understanding 1986 schematic for Rohde & Schwarz cryptographic key generator

Getting the || sign while using Kurier

Signed and unsigned numbers

For which categories of spectra is there an explicit description of the fibrant objects via lifting properties?

How do we create new idioms and use them in a novel?

Should I take out a loan for a friend to invest on my behalf?

How to resolve: Reviewer #1 says remove section X vs. Reviewer #2 says expand section X

In the late 1940’s to early 1950’s what technology was available that could melt ice?

What's the 'present simple' form of the word "нашла́" in 3rd person singular female?

(Codewars) Linked Lists - Remove Duplicates

Street obstacles in New Zealand

Outlet with 3 sets of wires

I reported the illegal activity of my boss to his boss. My boss found out. Now I am being punished. What should I do?

Is it possible that a question has only two answers?

Which situations would cause a company to ground or recall a aircraft series?

I am where you are now, too

Does "Until when" sound natural for native speakers?

Giving a career talk in my old university, how prominently should I tell students my salary?

Is it possible to avoid unpacking when merging Association?

Source permutation

Why is the root password on Linux Mint my user password?

Verify password hash in bash script?Prevent root password change in ldap - debianWhy user and root passwords cannot be empty on Linux?Manjaro Linux — Can ONLY log in from root accountSolaris Prompting for old root password when changing root password with sudoroot password not working but can ssh via sudo user (centos)Linux Mint 18.1 Reset forgotten Admin password when I remember the root passwordCannot change linux passwordroot password not working when entering in Single-User ModeCannot reset root password via grubchange root password back to user password

I did a fresh install of Linux Mint 18.1 and created a single user named "jack" with PASSWORD1 as the password. Later, I changed the password (using the "Users and Groups" graphical dialog) to PASSWORD2. Both logging in and using sudo now require PASSWORD2, as expected.

However, PASSWORD1 is still the password for the account root. I can tell because su - and su - root reject PASSWORD2 but accept PASSWORD1.

Isn't this a security flaw? Why did the root account silently copy my user password in the first place? If I knew my password was compromised and changed it, I wouldn't think to check that the root account was still using the compromised password.

In fact, I thought the root account was disabled on Linux Mint by default. See this question for instance: https://superuser.com/questions/323317/why-does-linux-ubuntu-mint-lack-a-root-account

Any reason not to disable the root account using sudo passwd -l root? Why wasn't this done by default?

Edits

@terdon I am fairly sure that I never ran sudo passwd or even plain passwd on this operating system.

@Mark I checked and the only thing that comes back doesn't look relevant.

jack@gamma /var/log $ ls auth.log*
auth.log auth.log.1 auth.log.2.gz auth.log.3.gz auth.log.4.gz

jack@gamma /var/log $ zgrep passwd auth.log*
auth.log.2.gz:Mar 9 17:56:07 gamma mdm[1695]: pam_succeed_if(mdm:auth): requirement "user ingroup nopasswdlogin" not met by user "jack"

jack@gamma /var/log $ zgrep "password changed" auth.log*
# nothing returned

Edit:
I have filed a bug report with Linux Mint
https://bugs.launchpad.net/linuxmint/+bug/1675575

Now that @Roger Lipscombe has confirmed this issue, I am going to add a bounty to the question.

edited Dec 2 '17 at 19:24

asked Mar 21 '17 at 20:40

cxrodgers

13118

3

That does seem strange. Are you 100% sure you didn't active the root account by running sudo passwd after first installing but before changing passwords?

– terdon♦
Mar 21 '17 at 20:52

1

Along those lines, can you look in your /var/log/auth.log (and any older copies such as auth.log.1) for a line like passwd[6434]: pam_unix(passwd:chauthtok): password changed for root ?

– Mark Plotnick
Mar 21 '17 at 21:09

@MarkPlotnick I've added this info to the question.

– cxrodgers
Mar 22 '17 at 23:30

@terdon I've responded. So if I can verify this for sure on a fresh install do you think it's a bug I should report?

– cxrodgers
Mar 22 '17 at 23:31

1

It turns out that I have exactly the same issue; Mint 17.1 upgraded to 17.3; As far as I know, I've never changed the root password.

– Roger Lipscombe
Nov 29 '17 at 9:48

add a comment |

However, PASSWORD1 is still the password for the account root. I can tell because su - and su - root reject PASSWORD2 but accept PASSWORD1.

In fact, I thought the root account was disabled on Linux Mint by default. See this question for instance: https://superuser.com/questions/323317/why-does-linux-ubuntu-mint-lack-a-root-account

Any reason not to disable the root account using sudo passwd -l root? Why wasn't this done by default?

Edits

@terdon I am fairly sure that I never ran sudo passwd or even plain passwd on this operating system.

@Mark I checked and the only thing that comes back doesn't look relevant.

jack@gamma /var/log $ ls auth.log*
auth.log auth.log.1 auth.log.2.gz auth.log.3.gz auth.log.4.gz

jack@gamma /var/log $ zgrep passwd auth.log*
auth.log.2.gz:Mar 9 17:56:07 gamma mdm[1695]: pam_succeed_if(mdm:auth): requirement "user ingroup nopasswdlogin" not met by user "jack"

jack@gamma /var/log $ zgrep "password changed" auth.log*
# nothing returned

Edit:
I have filed a bug report with Linux Mint
https://bugs.launchpad.net/linuxmint/+bug/1675575

Now that @Roger Lipscombe has confirmed this issue, I am going to add a bounty to the question.

edited Dec 2 '17 at 19:24

asked Mar 21 '17 at 20:40

cxrodgers

13118

3

That does seem strange. Are you 100% sure you didn't active the root account by running sudo passwd after first installing but before changing passwords?

– terdon♦
Mar 21 '17 at 20:52

1

Along those lines, can you look in your /var/log/auth.log (and any older copies such as auth.log.1) for a line like passwd[6434]: pam_unix(passwd:chauthtok): password changed for root ?

– Mark Plotnick
Mar 21 '17 at 21:09

@MarkPlotnick I've added this info to the question.

– cxrodgers
Mar 22 '17 at 23:30

@terdon I've responded. So if I can verify this for sure on a fresh install do you think it's a bug I should report?

– cxrodgers
Mar 22 '17 at 23:31

1

It turns out that I have exactly the same issue; Mint 17.1 upgraded to 17.3; As far as I know, I've never changed the root password.

– Roger Lipscombe
Nov 29 '17 at 9:48

add a comment |

However, PASSWORD1 is still the password for the account root. I can tell because su - and su - root reject PASSWORD2 but accept PASSWORD1.

In fact, I thought the root account was disabled on Linux Mint by default. See this question for instance: https://superuser.com/questions/323317/why-does-linux-ubuntu-mint-lack-a-root-account

Any reason not to disable the root account using sudo passwd -l root? Why wasn't this done by default?

Edits

@terdon I am fairly sure that I never ran sudo passwd or even plain passwd on this operating system.

@Mark I checked and the only thing that comes back doesn't look relevant.

jack@gamma /var/log $ ls auth.log*
auth.log auth.log.1 auth.log.2.gz auth.log.3.gz auth.log.4.gz

jack@gamma /var/log $ zgrep passwd auth.log*
auth.log.2.gz:Mar 9 17:56:07 gamma mdm[1695]: pam_succeed_if(mdm:auth): requirement "user ingroup nopasswdlogin" not met by user "jack"

jack@gamma /var/log $ zgrep "password changed" auth.log*
# nothing returned

Edit:
I have filed a bug report with Linux Mint
https://bugs.launchpad.net/linuxmint/+bug/1675575

Now that @Roger Lipscombe has confirmed this issue, I am going to add a bounty to the question.

edited Dec 2 '17 at 19:24

asked Mar 21 '17 at 20:40

cxrodgers

13118

However, PASSWORD1 is still the password for the account root. I can tell because su - and su - root reject PASSWORD2 but accept PASSWORD1.

In fact, I thought the root account was disabled on Linux Mint by default. See this question for instance: https://superuser.com/questions/323317/why-does-linux-ubuntu-mint-lack-a-root-account

Any reason not to disable the root account using sudo passwd -l root? Why wasn't this done by default?

Edits

@terdon I am fairly sure that I never ran sudo passwd or even plain passwd on this operating system.

@Mark I checked and the only thing that comes back doesn't look relevant.

jack@gamma /var/log $ ls auth.log*
auth.log auth.log.1 auth.log.2.gz auth.log.3.gz auth.log.4.gz

jack@gamma /var/log $ zgrep passwd auth.log*
auth.log.2.gz:Mar 9 17:56:07 gamma mdm[1695]: pam_succeed_if(mdm:auth): requirement "user ingroup nopasswdlogin" not met by user "jack"

jack@gamma /var/log $ zgrep "password changed" auth.log*
# nothing returned

Edit:
I have filed a bug report with Linux Mint
https://bugs.launchpad.net/linuxmint/+bug/1675575

Now that @Roger Lipscombe has confirmed this issue, I am going to add a bounty to the question.

linux-mint password root passwd

edited Dec 2 '17 at 19:24

asked Mar 21 '17 at 20:40

cxrodgers

13118

edited Dec 2 '17 at 19:24

asked Mar 21 '17 at 20:40

cxrodgers

13118

edited Dec 2 '17 at 19:24

asked Mar 21 '17 at 20:40

cxrodgers

13118

asked Mar 21 '17 at 20:40

cxrodgers

13118

asked Mar 21 '17 at 20:40

cxrodgers

13118

3

That does seem strange. Are you 100% sure you didn't active the root account by running sudo passwd after first installing but before changing passwords?

– terdon♦
Mar 21 '17 at 20:52

1

Along those lines, can you look in your /var/log/auth.log (and any older copies such as auth.log.1) for a line like passwd[6434]: pam_unix(passwd:chauthtok): password changed for root ?

– Mark Plotnick
Mar 21 '17 at 21:09

@MarkPlotnick I've added this info to the question.

– cxrodgers
Mar 22 '17 at 23:30

@terdon I've responded. So if I can verify this for sure on a fresh install do you think it's a bug I should report?

– cxrodgers
Mar 22 '17 at 23:31

1

It turns out that I have exactly the same issue; Mint 17.1 upgraded to 17.3; As far as I know, I've never changed the root password.

– Roger Lipscombe
Nov 29 '17 at 9:48

add a comment |

3

That does seem strange. Are you 100% sure you didn't active the root account by running sudo passwd after first installing but before changing passwords?

– terdon♦
Mar 21 '17 at 20:52

1

Along those lines, can you look in your /var/log/auth.log (and any older copies such as auth.log.1) for a line like passwd[6434]: pam_unix(passwd:chauthtok): password changed for root ?

– Mark Plotnick
Mar 21 '17 at 21:09

@MarkPlotnick I've added this info to the question.

– cxrodgers
Mar 22 '17 at 23:30

@terdon I've responded. So if I can verify this for sure on a fresh install do you think it's a bug I should report?

– cxrodgers
Mar 22 '17 at 23:31

1

It turns out that I have exactly the same issue; Mint 17.1 upgraded to 17.3; As far as I know, I've never changed the root password.

– Roger Lipscombe
Nov 29 '17 at 9:48

That does seem strange. Are you 100% sure you didn't active the root account by running sudo passwd after first installing but before changing passwords?

– terdon♦
Mar 21 '17 at 20:52

Along those lines, can you look in your /var/log/auth.log (and any older copies such as auth.log.1) for a line like passwd[6434]: pam_unix(passwd:chauthtok): password changed for root ?

– Mark Plotnick
Mar 21 '17 at 21:09

@MarkPlotnick I've added this info to the question.

– cxrodgers
Mar 22 '17 at 23:30

@terdon I've responded. So if I can verify this for sure on a fresh install do you think it's a bug I should report?

– cxrodgers
Mar 22 '17 at 23:31

It turns out that I have exactly the same issue; Mint 17.1 upgraded to 17.3; As far as I know, I've never changed the root password.

– Roger Lipscombe
Nov 29 '17 at 9:48

add a comment |

3 Answers
3

active

oldest

votes

+50

Mint 17.3

This looks like a deliberate decision in Linux Mint. I just freshly installed Mint 17.3 on a VM, and the root account has a password set in /etc/shadow. After changing my user password, su - accepts my previous user password.

I can't (yet) explain why though.

Mint 18.3

I've just done a fresh install of Mint 18.3, and I don't have a password set for my root account. sudo grep root /etc/shadow shows ! in the password field, which means that the account is locked.

edited Dec 10 '17 at 19:49

answered Nov 29 '17 at 10:25

Roger Lipscombe

816724

So it sounds like you think this is a bug in Mint 17.3? Also can you explain what it means to have "!" in the password field?

– cxrodgers
Dec 9 '17 at 18:58

add a comment |

By default root password is your user password, I guess that the reason is that its a much more secure approach when the password will be the one that is set by you (assuming its a good - difficult to hack password) rather than some well known password like "root" that is always in place by default and known over the Internet (security risk).

There is a good discussion about the topic on linuxmint.com forum - citing from there user karlchen:

During the Linux mint installation, you create your first user account. You assing a password to this first user.
The installer silently assigns the same password to the user account root.
That is does do so can be found in the Official Linux Mint User Guide as well. (cf. e.g. p. 20)
So if you remember your initial user password, you know your root password as well.
In case you change your user password later on, doing so will not change the root password.

Source - page 20 last paragraph: https://www.linuxmint.com/documentation/user-guide/Cinnamon/english_18.0.pdf

edited Aug 11 '18 at 21:55

answered Aug 11 '18 at 21:20

mk4965

487

Thanks for the source! Does the source comment on whether the root password will be disabled by default?

– cxrodgers
Aug 13 '18 at 16:03

add a comment |

try to use sudo -i to get root with your own password

answered 1 hour ago

user341098

New contributor

add a comment |

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);

);

draft saved

draft discarded

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f352940%2fwhy-is-the-root-password-on-linux-mint-my-user-password%23new-answer', 'question_page');

);

Post as a guest

Name

Required, but never shown

3 Answers
3

active

oldest

votes

3 Answers
3

active

oldest

votes

+50

Mint 17.3

I can't (yet) explain why though.

Mint 18.3

edited Dec 10 '17 at 19:49

answered Nov 29 '17 at 10:25

Roger Lipscombe

816724

So it sounds like you think this is a bug in Mint 17.3? Also can you explain what it means to have "!" in the password field?

– cxrodgers
Dec 9 '17 at 18:58

add a comment |

+50

Mint 17.3

I can't (yet) explain why though.

Mint 18.3

edited Dec 10 '17 at 19:49

answered Nov 29 '17 at 10:25

Roger Lipscombe

816724

So it sounds like you think this is a bug in Mint 17.3? Also can you explain what it means to have "!" in the password field?

– cxrodgers
Dec 9 '17 at 18:58

add a comment |

+50

Mint 17.3

I can't (yet) explain why though.

Mint 18.3

edited Dec 10 '17 at 19:49

answered Nov 29 '17 at 10:25

Roger Lipscombe

816724

Mint 17.3

I can't (yet) explain why though.

Mint 18.3

edited Dec 10 '17 at 19:49

answered Nov 29 '17 at 10:25

Roger Lipscombe

816724

edited Dec 10 '17 at 19:49

answered Nov 29 '17 at 10:25

Roger Lipscombe

816724

answered Nov 29 '17 at 10:25

Roger Lipscombe

816724

answered Nov 29 '17 at 10:25

Roger Lipscombe

816724

So it sounds like you think this is a bug in Mint 17.3? Also can you explain what it means to have "!" in the password field?

– cxrodgers
Dec 9 '17 at 18:58

add a comment |

So it sounds like you think this is a bug in Mint 17.3? Also can you explain what it means to have "!" in the password field?

– cxrodgers
Dec 9 '17 at 18:58

So it sounds like you think this is a bug in Mint 17.3? Also can you explain what it means to have "!" in the password field?

– cxrodgers
Dec 9 '17 at 18:58

add a comment |

There is a good discussion about the topic on linuxmint.com forum - citing from there user karlchen:

During the Linux mint installation, you create your first user account. You assing a password to this first user.
The installer silently assigns the same password to the user account root.
That is does do so can be found in the Official Linux Mint User Guide as well. (cf. e.g. p. 20)
So if you remember your initial user password, you know your root password as well.
In case you change your user password later on, doing so will not change the root password.

Source - page 20 last paragraph: https://www.linuxmint.com/documentation/user-guide/Cinnamon/english_18.0.pdf

edited Aug 11 '18 at 21:55

answered Aug 11 '18 at 21:20

mk4965

487

Thanks for the source! Does the source comment on whether the root password will be disabled by default?

– cxrodgers
Aug 13 '18 at 16:03

add a comment |

There is a good discussion about the topic on linuxmint.com forum - citing from there user karlchen:

During the Linux mint installation, you create your first user account. You assing a password to this first user.
The installer silently assigns the same password to the user account root.
That is does do so can be found in the Official Linux Mint User Guide as well. (cf. e.g. p. 20)
So if you remember your initial user password, you know your root password as well.
In case you change your user password later on, doing so will not change the root password.

Source - page 20 last paragraph: https://www.linuxmint.com/documentation/user-guide/Cinnamon/english_18.0.pdf

edited Aug 11 '18 at 21:55

answered Aug 11 '18 at 21:20

mk4965

487

Thanks for the source! Does the source comment on whether the root password will be disabled by default?

– cxrodgers
Aug 13 '18 at 16:03

add a comment |

There is a good discussion about the topic on linuxmint.com forum - citing from there user karlchen:

During the Linux mint installation, you create your first user account. You assing a password to this first user.
The installer silently assigns the same password to the user account root.
That is does do so can be found in the Official Linux Mint User Guide as well. (cf. e.g. p. 20)
So if you remember your initial user password, you know your root password as well.
In case you change your user password later on, doing so will not change the root password.

Source - page 20 last paragraph: https://www.linuxmint.com/documentation/user-guide/Cinnamon/english_18.0.pdf

edited Aug 11 '18 at 21:55

answered Aug 11 '18 at 21:20

mk4965

487

There is a good discussion about the topic on linuxmint.com forum - citing from there user karlchen:

During the Linux mint installation, you create your first user account. You assing a password to this first user.
The installer silently assigns the same password to the user account root.
That is does do so can be found in the Official Linux Mint User Guide as well. (cf. e.g. p. 20)
So if you remember your initial user password, you know your root password as well.
In case you change your user password later on, doing so will not change the root password.

Source - page 20 last paragraph: https://www.linuxmint.com/documentation/user-guide/Cinnamon/english_18.0.pdf

edited Aug 11 '18 at 21:55

answered Aug 11 '18 at 21:20

mk4965

487

edited Aug 11 '18 at 21:55

answered Aug 11 '18 at 21:20

mk4965

487

answered Aug 11 '18 at 21:20

mk4965

487

answered Aug 11 '18 at 21:20

mk4965

487

Thanks for the source! Does the source comment on whether the root password will be disabled by default?

– cxrodgers
Aug 13 '18 at 16:03

add a comment |

Thanks for the source! Does the source comment on whether the root password will be disabled by default?

– cxrodgers
Aug 13 '18 at 16:03

Thanks for the source! Does the source comment on whether the root password will be disabled by default?

– cxrodgers
Aug 13 '18 at 16:03

add a comment |

try to use sudo -i to get root with your own password

answered 1 hour ago

user341098

New contributor

add a comment |

try to use sudo -i to get root with your own password

answered 1 hour ago

user341098

New contributor

add a comment |

try to use sudo -i to get root with your own password

answered 1 hour ago

user341098

New contributor

try to use sudo -i to get root with your own password

answered 1 hour ago

user341098

New contributor

answered 1 hour ago

user341098

New contributor

answered 1 hour ago

user341098

answered 1 hour ago

user341098

New contributor

user341098 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment |

draft saved

draft discarded

Thanks for contributing an answer to Unix & Linux Stack Exchange!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

-linux-mint, passwd, password, root

搜尋此網誌

Ttyjfyk

3 Answers
3

Mint 17.3

Mint 18.3

Your Answer

Post as a guest

3 Answers
3

3 Answers
3

Mint 17.3

Mint 18.3

Mint 17.3

Mint 18.3

Mint 17.3

Mint 18.3

Mint 17.3

Mint 18.3

Post as a guest

Popular posts from this blog

3 Answers 3

Mint 17.3

Mint 18.3

Your Answer

Sign up or log in

Post as a guest

Post as a guest

3 Answers 3

3 Answers 3

Mint 17.3

Mint 18.3

Mint 17.3

Mint 18.3

Mint 17.3

Mint 18.3

Mint 17.3

Mint 18.3

Sign up or log in

Post as a guest

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Popular posts from this blog

3 Answers
3

3 Answers
3

3 Answers
3