Why is the root password on Linux Mint my user password?
Solution 1
Mint 17.3
This looks like a deliberate decision in Linux Mint. I just freshly installed Mint 17.3 on a VM, and the root account has a password set in /etc/shadow. After changing my user password, su - accepts my previous user password.
I can't (yet) explain why though.
Mint 18.3
I've just done a fresh install of Mint 18.3, and I don't have a password set for my root account. sudo grep root /etc/shadow shows ! in the password field, which means that the account is locked.
Solution 2
try to use sudo -i to get root with your own password
Solution 3
By default root password is your user password, I guess that the reason is that its a much more secure approach when the password will be the one that is set by you (assuming its a good - difficult to hack password) rather than some well known password like "root" that is always in place by default and known over the Internet (security risk).
There is a good discussion about the topic on linuxmint.com forum - citing from there user karlchen:
During the Linux mint installation, you create your first user account. You assing a password to this first user. The installer silently assigns the same password to the user account root. That is does do so can be found in the Official Linux Mint User Guide as well. (cf. e.g. p. 20) So if you remember your initial user password, you know your root password as well. In case you change your user password later on, doing so will not change the root password.
Source - page 20 last paragraph: https://www.linuxmint.com/documentation/user-guide/Cinnamon/english_18.0.pdf
Related videos on Youtube
01 : 35
03 : 28
04 : 11
05 : 01
02 : 52
05 : 02
Comments
-
cxrodgers over 1 year
I did a fresh install of Linux Mint 18.1 and created a single user named "jack" with PASSWORD1 as the password. Later, I changed the password (using the "Users and Groups" graphical dialog) to PASSWORD2. Both logging in and using
sudonow require PASSWORD2, as expected.However, PASSWORD1 is still the password for the account
root. I can tell becausesu -andsu - rootreject PASSWORD2 but accept PASSWORD1.Isn't this a security flaw? Why did the root account silently copy my user password in the first place? If I knew my password was compromised and changed it, I wouldn't think to check that the root account was still using the compromised password.
In fact, I thought the root account was disabled on Linux Mint by default. See this question for instance: https://superuser.com/questions/323317/why-does-linux-ubuntu-mint-lack-a-root-account
Any reason not to disable the root account using
sudo passwd -l root? Why wasn't this done by default?Edits
@terdon I am fairly sure that I never ran
sudo passwdor even plainpasswdon this operating system.@Mark I checked and the only thing that comes back doesn't look relevant.
jack@gamma /var/log $ ls auth.log* auth.log auth.log.1 auth.log.2.gz auth.log.3.gz auth.log.4.gz jack@gamma /var/log $ zgrep passwd auth.log* auth.log.2.gz:Mar 9 17:56:07 gamma mdm[1695]: pam_succeed_if(mdm:auth): requirement "user ingroup nopasswdlogin" not met by user "jack" jack@gamma /var/log $ zgrep "password changed" auth.log* # nothing returnedEdit: I have filed a bug report with Linux Mint https://bugs.launchpad.net/linuxmint/+bug/1675575
Now that @Roger Lipscombe has confirmed this issue, I am going to add a bounty to the question.
-
terdon about 7 yearsThat does seem strange. Are you 100% sure you didn't active the root account by runningsudo passwdafter first installing but before changing passwords? -
Mark Plotnick about 7 yearsAlong those lines, can you look in your
/var/log/auth.log(and any older copies such asauth.log.1) for a line likepasswd[6434]: pam_unix(passwd:chauthtok): password changed for root? -
cxrodgers about 7 years@MarkPlotnick I've added this info to the question.
-
Nikhath K over 6 yearsIt turns out that I have exactly the same issue; Mint 17.1 upgraded to 17.3; As far as I know, I've never changed the root password.
-
-
cxrodgers over 6 yearsSo it sounds like you think this is a bug in Mint 17.3? Also can you explain what it means to have "!" in the password field?
-
cxrodgers almost 6 yearsThanks for the source! Does the source comment on whether the root password will be disabled by default?
-
lacostenycoder about 3 yearsthis worked for me in Linux Mint 20.1
