No root password

As an experiment, have done without a root password, meaning that there is no way to obtain root via sudo or su, since if user cannot access the root account by cracking a password, neither could malware in theory.

This leaves the issue of getting root access directly. The resolution I have used is to open up the system virtual consoles, so they automatically login as root on startup.

All this assumes the console is as safe as the system unit, such as a desktop pc next to its own keyboard and not in a security cage, or otherwise users with console access could rip open the system unit.

  1. --- /etc/systemd/system/getty@.service.d/autologin-root.conf
  2. +++ /etc/systemd/system/getty@.service.d/autologin-root.conf
  3. @@ -0,0 +1,3 @@
  4. +[Service]
  5. +ExecStart=
  6. +ExecStart=-/sbin/agetty --noclear --autologin root %I $TERM

It also means leaving the debug shell permanently enabled on F9 is quite reasonable.

Actually Disabling the password

Now the password can be removed in /etc/shadow, line begins root:*: with the * meaning that there is no such thing as a correct password for this account, which is important as without it means that access to the account does not require a password without limit to the source of the logins.

I am usually using X11 via gdm3 which runs sessions as the regular user, and if wanting to use a VT as a regular, switch in with login -f

root in X11

A root X11 terminal is useful sometimes, I am using the property that GDM launched Xorg from the root account.

This needs to be set off from a root VT, or perhaps a systemd event triggered by a safe key, and when open, appears on the desktop. There is the possibility this could be attacked via the window manager; though only while the terminal and things ran from it are open.

#!/bin/sh
export DISPLAY=:0.0
export XAUTHORITY=/var/run/gdm3/auth-for-Debian-gdm-*/database
exec gnome-terminal

Getting remote root

This is an exception to the absolute control over root access given that cracking long ssh keys and good passphrases should be difficult.

This is closing in on SSH public key and sometimes vlan and cec access.

Since encryption only provides difficult to crack and not mathematically impossible, it could be combined with impossible (if configured correctly) separation via protected channel flags like vlan or priority bits.

in sshd_config have used

Removing all priviledge escalation possibilties

It seems more secure to decend from root and lock oneself in, than to allow escalate privileges, so take applications like sudo off the system, ignoring the warning about not having a root password!

You have asked that the sudo package be removed, but no root password has been set. Without sudo, you may not be able to gain administrative privileges.

If you would prefer to access the root account with su(1) or by logging in directly, you must set a root password with "sudo passwd".

If you have arranged other means to access the root account, and you are sure this is what you want, you may bypass this check by setting an environment variable...

Having read the warning, can export the environment variable and then remove sudo.