0

When I installed Ubuntu Server 20.04.4 LTS, I never created a root account. I just have an admin account I believe it is.

I read that a root account is already there but the password needs to be set.

If I do not set the root password to something ridiculous and I get hacked, I assume the hacker would create the password and get in then I am in trouble, correct?

Tug
  • 21
  • 1
  • 4
  • 2
    Does this answer your question? [What is the default root password?](https://askubuntu.com/q/189907/) and [what happens if all users are set as standard while root password not set](https://askubuntu.com/questions/170274/what-happens-if-all-users-are-set-as-standard-while-root-password-not-set) – karel Mar 07 '22 at 01:56
  • 2
    Just because I need to be totally honest here: if you're hacked the *least* of your concerns will be 'can the hacker create a root password' and more "I've been hacked, now I need to reinstall and cancel all my bank accounts and cards and change all my passwords and better learn how to use the computer so I'm less vulnerable to hacks in the first place". Just saying. – Thomas Ward Mar 07 '22 at 02:05
  • It's just as bad to set a weak password on any user with sudo privileges. If someone on sudoers has their password leaked or brute forced, they can do just as much damage as if you set a root password that was hacked. – Nmath Mar 07 '22 at 02:54
  • More important question to ask yourself is: "Can a hacker figure out or brute force the password I have set?" Is it one of the millions of passwords all the hackers have access to? – user68186 Mar 07 '22 at 03:46

1 Answers1

3

A normal install of Ubuntu does not offer to set a root password. The root account is there (it MUST be there for a Linux system to work), but generally should not be used by humans. Use sudo instead.

Advice: Do NOT set a root password on an Ubuntu system. It's not necessary.

ONLY somebody with admin/root permission can create/reset the root password (but don't do it!) If your system is compromised so an attacker can access root, the "access root" part isn't your big problem. The "compromised" part is.

user535733
  • 58,040
  • 10
  • 106
  • 136