Well, I stumbled on this anomaly and it looks like others have too where you can 'shoot yourself'. Get locked out and not be able to get back in. And so far, there is no recovery, except logging in as root. There are way too many shoddy tutorials on the web that lure users into pulling the trigger. "sudo su" then down the page "xstart" BAM

I'd prefer to have more control over my guns rather than to have them go off unintentionally.

Of course, change the Pi password and create a root password. Both should be strong. Don't think I advised differently? Actually am tired of helping people who did not take the simplest precautions right up front.

KEN;

perhaps you could advise the new Pi user just how to protect themselves.... definitely NOT a popular subject on the web

73
Den
On 2/16/2017 11:08 AM, Jason KG4WSV wrote:
On Feb 16, 2017, at 9:19 AM, Den <[email protected]> wrote:

> I'll let you explore how to create a root password, which I recommend.
> Obviously those with more knowledge think we commoners, and the owner of the
> Pi, should not use.

Well, the problem was that you shot yourself in the foot by running something
as root. Maybe they're onto something.

sudo is configured on by default for the pi user. Use of sudo instead of using
a full root shell (su or sudo bash) or even worse logging in as root is
considered best practice for security reasons. Using sudo allows minimal
privilege escalation to accomplish a task and consequently minimizes risk.

If your pi is to be exposed to the internet, or maybe even on a home network, 
the passwords _should_ be changed for both the pi and root users. Default 
passwords are extremely insecure - there are days when I see over 10k brute 
force login attempts against a dozen or so systems, where attackers are looking 
for me and my users to rely on default or dumb passwords.

-j

_______________________________________________
Xastir mailing list
[email protected]
http://xastir.org/mailman/listinfo/xastir
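
Added example, not part of the original thread: a small Python check that counts failed login attempts per source address and shows how many of them target the pi and root accounts discussed above. It assumes the logins arrive over SSH and are logged in the usual OpenSSH syslog format (as in /var/log/auth.log); the hostname, addresses and log lines are constructed samples.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH/syslog format (not real logs;
# the addresses come from the reserved documentation ranges).
SAMPLE_LOG = """\
Feb 16 09:01:11 raspberrypi sshd[811]: Failed password for pi from 203.0.113.7 port 40112 ssh2
Feb 16 09:01:13 raspberrypi sshd[811]: Failed password for pi from 203.0.113.7 port 40112 ssh2
Feb 16 09:01:15 raspberrypi sshd[813]: Failed password for root from 203.0.113.7 port 40120 ssh2
Feb 16 09:02:40 raspberrypi sshd[820]: Failed password for invalid user admin from 198.51.100.23 port 51514 ssh2
Feb 16 09:03:02 raspberrypi sshd[825]: Accepted password for pi from 192.0.2.10 port 50022 ssh2
Feb 16 09:03:30 raspberrypi sshd[830]: Failed password for root from 198.51.100.23 port 51600 ssh2
Feb 16 09:04:00 raspberrypi sudo:       pi : TTY=pts/0 ; PWD=/home/pi ; USER=root ; COMMAND=/usr/bin/apt update
"""

# sshd logs unknown accounts as "invalid user NAME"; the prefix is optional.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
DEFAULT_ACCOUNTS = {"pi", "root"}  # the two accounts the thread says to protect


def summarize(log_text, threshold=3):
    """Count failed SSH password logins per source and per targeted account."""
    by_ip, by_user = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            by_ip[m["ip"]] += 1
            by_user[m["user"]] += 1
    return {
        "total_failed": sum(by_ip.values()),
        "by_ip": dict(by_ip),
        # Guesses aimed at the accounts every Pi image ships with.
        "default_account_hits": {u: n for u, n in by_user.items()
                                 if u in DEFAULT_ACCOUNTS},
        # Sources at or above the (assumed) alert threshold.
        "noisy_sources": sorted(ip for ip, n in by_ip.items() if n >= threshold),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
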

