disabling root and olpc passwords

Bernardo Innocenti bernie at laptop.org
Sat Jan 12 20:09:04 EST 2008


Mikus Grinbergs wrote:

> The way I have my G1G1 system set up (I have no wireless) I *need* 
> to ftp in.  For that, I have set a password for olpc.  It would be 
> ok with me to set up a different user+password for ftp, but would 
> *not* be ok for password support to be "disabled".

No problem: just set a password with passwd for either root or
olpc.  You could even create new users if you want to.

Only, be careful when running the olpc-update script: it will
reset all your changes to the OS.


> Also, I don't believe in the "political correctness" of not using 
> root.

Me neither.  I login as root as much as I like on my
computers :-)


> I do need to install/remove/change things as root, and 
> *strongly* prefer not to use 'sudo' for that -- I log in as root, 
> and am willing to take the risk of committing a disastrous mistake. 
>   Here, too, having a password seems "natural" to me.

Sure.  To me to.  You and me are clearly not the kind of
audience for which we had to disable the passwords.  Thus,
you're free to re-enable them.


> I agree with the aim of making the OLPC simple to use, but please 
> don't take passwords away entirely.

You seem to be under the impression that we compiled-out
the ability to set passwords in the system.  That is not
true.

What we're actually doing is just to disable them in the
default installation so that malicious activities cannot
login as root or olpc and basically own the system.


> p.s.  I presume the existing 'passwd' command was taken from Fedora. 
>   It is too paranoid, forbidding too_short passwords, 
> too_homogeneous passwords, too_similar passwords, etc., etc., etc. 
> Such rules may be needed for a datacenter - but for a schoolroom?

Here at MIT the XOs have public, globally accessible IPs, and
the logs are full of ssh connections trying random passwords.

In deployments, we're using primarily IPv6 and I was under the
impression we will not need NAT gateways.

-- 
 \___/
 |___|   Bernardo Innocenti - http://www.codewiz.org/
  \___\  One Laptop Per Child - http://www.laptop.org/



More information about the Devel mailing list