
UNIX System Administration Handbook - Evi Nemeth [33]

the passwd command that users run to change their login password is a setuid program. It modifies the /etc/passwd file in a well-defined way and then terminates. Of course, even this limited task has potential for abuse, so passwd requires users to prove that they know the current account password before it agrees to make the requested change.

3.2 THE SUPERUSER


The defining characteristic of the root account is its UID of 0. UNIX does not prevent you from changing the username on this account or from creating additional accounts whose UIDs are 0, but both actions are very bad ideas. Such changes have a tendency to create inadvertent breaches of system security. They also engender confusion and scorn when other people have to deal with the strange way you’ve configured your system.

UNIX permits the superuser (that is, any process whose effective UID is 0) to perform any valid operation on any file or process.

In addition, some system calls (requests to the kernel) may be executed only by the superuser. Some examples of such restricted operations are:

• Changing the root directory of a process with chroot

• Creating device files

• Setting the system clock

• Raising resource usage limits and process priorities

• Setting the system’s hostname

• Configuring network interfaces

• Shutting down the system

An example of superuser powers is the ability of a process owned by root to change its UID and GID. The login program is a case in point; the process that prompts you for your password when you log in to the system initially runs as root. If the password and username that you enter are legitimate, login changes its UID and GID to your UID and GID and executes your shell. Once a root process has changed its ownerships to become a normal user process, it can’t recover its former privileged state.

3.3 CHOOSING A ROOT PASSWORD


The root password should be at least eight characters in length; seven-character passwords can be cracked quite easily. On some systems, it doesn’t help to use a password longer than eight characters because only the first eight are significant.

See page 666 for more information about password cracking.

It’s important that the root password be selected so as not to be easily guessed or discovered by trial and error. In theory, the most secure type of password consists of a random sequence of letters, punctuation, and digits. But because this type of password is hard to remember and usually difficult to type, it may not be optimally secure if administrators write it down or type it slowly.

Until recently, a password consisting of two randomly selected words separated by a punctuation mark was a pretty good compromise between security and memorability. Unfortunately, such passwords can now be cracked pretty quickly; we now advise against this scheme.

These days, we suggest that you form a root password by boiling down a phrase of “shocking nonsense,” defined by Grady Ward in an earlier version of the PGP Pass-phrase FAQ:

“Shocking nonsense” means to make up a short phrase or sentence that is both nonsensical and shocking in the culture of the user. That is, it contains grossly obscene, racist, impossible or otherwise extreme juxtapositions of ideas. This technique is permissible because the passphrase, by its nature, is never revealed to anyone with sensibilities to offend.

Shocking nonsense is unlikely to be duplicated anywhere because it does not describe a matter of fact that could be accidentally rediscovered by someone else. The emotional evocation makes it difficult for the creator to forget. A mild example of such shocking nonsense might be, “Mollusks peck my galloping genitals.” The reader can undoubtedly make up many far more shocking or entertaining examples for him or herself.

You can reduce such a phrase to an eight-character password by recording only the first letter of each word or by some similar transformation. Password security will be increased enormously if you include numbers, punctuation marks, and capital letters. (Some systems
