Since I cannot move all posts out of make starting browser more obvious I fully quoted them in this post instead.
Rava wrote: ↑10 Nov 2020, 03:53you know that the user can change the root password in the running system? if user did so telling him "toor" is the root password would be a mistake.
change the root password even via a script is possible- that holds the password only encrypted. here as example to set root password back to "toor":
User advice needed: welcome window at first boot for ver. 5.0 (Post by Rava #79540)
Nick_Levinson wrote: ↑11 Nov 2020, 03:54Okay; the repetition is optional. However, someone who has changed the root password at that stage is likely a more sophisticated user and the message I'm proposing is more for the newbie, such as someone running Porteus from a live disc made from a downloaded official .iso file. So, the reminder could be phrased thus: "If the root password has not been changed, the default password is . . . ."
By the way, the issue you raise also raises the issue of for whom the welcome help is intended. Users who change root passwords with scripts are probably not newbies to Linux.
And finally the last, to which I reply in here:Rava wrote: ↑11 Nov 2020, 05:15My trick of using the data as encrypted in /etc/shadow is only one way to conveniently change the root password. Simply using passwd is a more common one. And changing root password when the one in use is widely known all across the intertubes is not that much of a sign of a expert Linux user, just common sense when one takes security seriously.
Nick_Levinson wrote: ↑12 Nov 2020, 00:12It is a good idea, but that's beyond newbie level. See http://brittlebit.org/security/default- ... m-now.html (which I wrote).
That is such a high level of incompetence that I struggle deciding if one should cry about the utter lack of respect from privacy, or laugh at the sheer absurdity of stupidity rolled into one single occurrence.The Mayor of Los Angeles used to read the emails of many people. That was over a year ago. I don’t know if he ever did anything inside anyone else’s account other than read emails, like if he ever sent anything or changed settings. The city had switched to a new email provider, Gmail, and Gmail’s Google set up the accounts, giving everyone who worked for the City a default password. The same password.
But I disagree, people wanting to change the password by using the most obvious tool available - not my technique - I still consider a matter of basic sanity.