Before I explain how to change the default password, its good to know about “Root SuperUser” and “sudo user” in Linux.
In any Linux, as also in any Ubuntu version, there is a SuperUser named root, the Windows equivalent of user in the Administrators group. The Root user can do anything and everything, and thus doing daily work as the SuperUser can be dangerous. You could do something incorrectly and destroy the whole system. Ideally, you run as a user that has only the privileges needed for the task at hand. In some cases, this is necessarily root, but most of the time it is a regular user.
By default Ubuntu does not set up a root password and therefore you don’t get the ability to log in as root. Instead, you are given the ability to perform tasks with superuser privileges using sudo.
This means that you cannot login as root directly or use the su command to become the root user. However, since the root account physically exists it is still possible to run programs with root-level privileges.
The sudo command allows authorized users to run certain programs as root without having to know the root password.
The below example will execute the whoami command as a root user. Replace the below whoami command with the command you wish to execute as root:
$ sudo whoami root
While you can create a password for the root account allowing you to log in as root with su, this isn’t the typical Ubuntu way of doing things. Instead Ubuntu expects that you will be using sudo.
Sudo is an alternative to giving people a root password in order to perform superuser duties. In a default Ubuntu install the person who installed the OS is given “sudo” permission by default.
Anybody with sudo permission may perform something “as a superuser” by pre-pending sudo to their command. For instance, to run apt-get dist-upgrade as a superuser, you could use:
$ sudo apt-get dist-upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
By default, sudo will ask you for your own account password when executing the command. This helps security. The credentials are remembered for a few minutes, so if you have a few tasks to do with sudo, it will only ask you for your password on the first. When you run GUI programs that require root privileges, use graphical sudo (gksu / kdesudo) and you will also be prompted for your password.
Benefits of Using Sudo
There are a number of benefits for leaving root logins disabled by default in Ubuntu.
You can choose in advance which users have sudo access. There is no need for them to remember a root password, as they use their own password. If you have multiple users, you can give some user sudo permission or revoke someone’s superuser access by removing their sudo permission, without changing the root password and notifying everyone of a new password. You can even choose which commands a user is allowed to perform using sudo and which commands are forbidden for that user.
It avoids the “I can do anything” interactive login by default. You will be prompted for a password before major changes can happen.
Sudo adds a log entry of the commands run (in /var/log/auth.log). If someone messes things up, you can go back and see which commands were run.
Without a root password existing, it makes brute force attacks on the root account impossible. This is relevant if you allow login over SSH. Instead, an attacker would need to know a local account name.
Using a Root Shell
If you do not wish to use the sudo command every time you need to execute a command with root privileges you can gain the root shell by using the sudo command and its -i option:
$ sudo -i
$ sudo su
Note that your command prompt will change from $ to # which indicates that you are currently in a root shell. You are now acting as a superuser for every command. It’s a good security principle not to stay as a superuser for longer than necessary, just to lessen the possibility of accidentally causing some damage to the system.
Setting up / Changing Default Root Password
If you wish to change the default blank root password and set root password enter:
$ sudo passwd Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
Once the root password is set, you can login as root by using the su command:
$ su Password:
This is how we changed the default root password so we can now login and use Ubuntu as superuser, but remember to be very careful with using your computer this way.