Mint 19.3: Set The Root Password "Nag Screen" [resolved by mintreport 1.1.4]

Questions about applications and software
Forum rules
Before you post please read how to get help
User avatar
Night Wing
Level 4
Level 4
Posts: 338
Joined: Wed Dec 25, 2013 10:21 pm
Location: Texas, USA

Mint 19.3: Set The Root Password "Nag Screen" [resolved by mintreport 1.1.4]

Post by Night Wing »

I've got one of my four computers updated to 64 bit Linux Mint (Tricia) 19.3 Xfce. The only thing I've fuzzy on is this "nag screen" which I see everytime I turn on my computer. The prompt is "some problems were detected which require your attention". The nag screen wants me to "Set the root password".

I thought I had already set the password when I installed Mint 19.3 (Tricia).

Anyway the prompt wants me to set the root password by opening the terminal and typing: sudo passwd root

So I'm lost on this root "thingy" since I obviously don't understand what it wants me to do and I'm no fan of the terminal. Since my original password is not the answer, can I use the same password again or do I have to choose a different password?

Right now, I'm not a fan of this new feature either.
Last edited by karlchen on Mon Dec 30, 2019 9:24 am, edited 2 times in total.
Reason: Made topic sticky for 30 days, moved away from xfce to "Software & Applications"
Mint 20 (Ulyana) Xfce 64 Bit
gm10
Level 20
Level 20
Posts: 10999
Joined: Thu Jun 21, 2018 5:11 pm

Re: Set The Root Password "Nag Screen"

Post by gm10 »

You don't have to do anything really, there's no value in setting the root password. Instead there should be a link or button to ignore/acknowledge the message and it won't show again. I don't have that software installed so I'm not sure how it looks exactly.
wpshooter
Level 6
Level 6
Posts: 1089
Joined: Sun May 22, 2011 8:06 am

set root password warning on LM 19.3 update

Post by wpshooter »

What is this option shown as a warning of possible system problems relating to "root password not set" ?

Is the root password not the same password of the /home user of the computer that was setup during
the install of the OS, which is not normally used except at terminal "sudo" commands and other sensitive
system related tasks.

Can I just ignore that warning on 19.3 system analysis regarding root password not set ?

Thanks.
Mint 20 mate 64 bit.
SERVICE > competition
gm10
Level 20
Level 20
Posts: 10999
Joined: Thu Jun 21, 2018 5:11 pm

Re: set root password warning on 19.3 update

Post by gm10 »

wpshooter wrote:
Wed Dec 18, 2019 9:33 pm
Is the root password not the same password of the /home user of the computer that was setup during
the install of the OS, which is not normally used except at terminal "sudo" commands and other sensitive
system related tasks.
No, that is your user's password, in question here is the root user's password. root defaults to not having a login password, i.e. you cannot directly log in as the root user. If you add a login password to the root account then that becomes password.
wpshooter wrote:
Wed Dec 18, 2019 9:33 pm
Can I just ignore that warning on 19.3 system analysis regarding root password not set ?
Most definitely.
wpshooter
Level 6
Level 6
Posts: 1089
Joined: Sun May 22, 2011 8:06 am

Re: set root password warning on 19.3 update

Post by wpshooter »

What benefit (if any) would I get by setting a root password ?

And are you saying that if I did that, that root password and my user password would be one and the same ?

Thanks.
Mint 20 mate 64 bit.
SERVICE > competition
RIH
Level 5
Level 5
Posts: 816
Joined: Sat Aug 22, 2015 3:47 am

Re: set root password warning on 19.3 update

Post by RIH »

User Pjotr in his highly useful Easy Linux Tips
https://easylinuxtipsproject.blogspot.c ... urity.html

suggest that it is a useful Security addition to set the root password - but equally sensible to set it to the same as your own password.
Setting the Root Password
1.3. I
I admit that I have never bothered to do that, but will certainly will seriously consider it once I move over to 19.3 later this month...
User avatar
tdockery97
Level 14
Level 14
Posts: 5060
Joined: Sun Jan 10, 2010 8:54 am
Location: Mt. Angel, Oregon

Re: Set The Root Password "Nag Screen"

Post by tdockery97 »

Had the same thing nagging me. If I remember correctly I just removed the mintnotify package.
Mint Cinnamon 20
wpshooter
Level 6
Level 6
Posts: 1089
Joined: Sun May 22, 2011 8:06 am

Re: set root password warning on 19.3 update

Post by wpshooter »

RIH wrote:
Wed Dec 18, 2019 9:58 pm
User Pjotr in his highly useful Easy Linux Tips
https://easylinuxtipsproject.blogspot.c ... urity.html

suggest that it is a useful Security addition to set the root password - but equally sensible to set it to the same as your own password.

I admit that I have never bothered to do that, but will certainly will seriously consider it once I move over to 19.3 later this month...
Yes, I just found this, which is same as you are saying:

Set the root password
1.5.2. Starting with Linux Mint 18.2, the root password is unfortunately no longer set by default.

This means that a malicious person with physical access to your computer, can simply boot it into Recovery mode. In the recovery menu he can then select to launch a root shell, without having to enter any password. After which your system is fully his.

He can then do all kinds of nasty things. Like changing your own password....

But then my question now becomes, why would this not be done automatically by the system setup/OS install if this poses a security risk ???

Thanks.
Mint 20 mate 64 bit.
SERVICE > competition
RIH
Level 5
Level 5
Posts: 816
Joined: Sat Aug 22, 2015 3:47 am

Re: set root password warning on 19.3 update

Post by RIH »

I think that Pjotr is a bit of a "belts & braces" type of guy when it comes to security.

The Linux world, after all, is a bit of a 'it is your computer so your choice'... :D

I think that this is a typical case of that; you get the warning & can dismiss it or act on it - "up to you" as the say in my part of the world... :D
gm10
Level 20
Level 20
Posts: 10999
Joined: Thu Jun 21, 2018 5:11 pm

Re: set root password warning on 19.3 update

Post by gm10 »

wpshooter wrote:
Wed Dec 18, 2019 9:52 pm
What benefit (if any) would I get by setting a root password ?
None. Pjtor's advice is nonsensical because on his same site he also explains how to trivially get around that: https://easylinuxtipsproject.blogspot.c ... sword.html
wpshooter wrote:
Wed Dec 18, 2019 9:52 pm
And are you saying that if I did that, that root password and my user password would be one and the same ?
It would be whatever you set it to.
User avatar
Night Wing
Level 4
Level 4
Posts: 338
Joined: Wed Dec 25, 2013 10:21 pm
Location: Texas, USA

Re: Set The Root Password "Nag Screen"

Post by Night Wing »

gm10 wrote:
Wed Dec 18, 2019 9:04 pm
You don't have to do anything really, there's no value in setting the root password. Instead there should be a link or button to ignore/acknowledge the message and it won't show again.
Unfortunately, there is no "ignore this problem" button. The only button I have is, "I Understand" and I am not going to click on that button because that button is giving me bad vibes.

Right now, I'm so irritated I'm trying to delete the Systems Reports program, but I'm having no luck all. This nagging is the absolutely pitts every time I start the computer.
Mint 20 (Ulyana) Xfce 64 Bit
User avatar
smurphos
Level 17
Level 17
Posts: 7332
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher
Contact:

Re: Set The Root Password "Nag Screen"

Post by smurphos »

Just click I understand....all it does is dismisses the nag screen for good.

When you installed mint you recreated your normal user with a password. All linux systems also have the user root and by default in Mint that account is set with no password out of the box.

So some people think this creates a security risk because a third party with physical access to your machine can access a root shell from grub with no password requirement and effectively do what they like with your system. Setting a root password prevents that. However as gm10 implies it's a false sense of security as there are still other ways that a malicious third party with physical access to the machine can get access.
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
User avatar
Moem
Level 20
Level 20
Posts: 11954
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Set The Root Password "Nag Screen"

Post by Moem »

smurphos wrote:
Thu Dec 19, 2019 3:44 am
So some people think this creates a security risk because a third party with physical access to your machine can access a root shell from grub with no password requirement and effectively do what they like with your system. Setting a root password prevents that. However as gm10 implies it's a false sense of security as there are still other ways that a malicious third party with physical access to the machine can get access.
I disagree with him on principle. More barriers means more security; even the flimsiest bicycle lock will prevent some cases of casual theft. Of course, better locks deter more or all thieves. But that doesn't mean that the flimsy lock has no value at all and you shouldn't be using it (assuming it comes at no cost or effort). Just don't think it will prevent theft in all cases.

I know that the lock on my front door can be picked*. I still close it. It protects me from burglars who aren't good lockpickers. And there are plenty of those.

*if you're a good lockpicker and have time.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
User avatar
Pjotr
Level 22
Level 22
Posts: 15895
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Set The Root Password "Nag Screen"

Post by Pjotr »

Moem wrote:
Thu Dec 19, 2019 3:58 am
I know that the lock on my front door can be picked*. I still close it. It protects me from burglars who aren't good lockpickers. And there are plenty of those.

*if you're a good lockpicker and have time.
https://www.youtube.com/watch?v=bC1P46HIcOQ

..... aaaand I'm in. :lol:

*makes mental note to self, to add protection against "kerntrekken", some time soon*

Jokes aside: I agree with Moem. For the reasons mentioned by her, I also advise to set the root password. For the sake of convenience I recommend to make it identical to your user password.
Tip: 10 things to do after installing Linux Mint 20 Ulyana
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
rene
Level 16
Level 16
Posts: 6693
Joined: Sun Mar 27, 2016 6:58 pm

Re: Set The Root Password "Nag Screen"

Post by rene »

There's an as far as I'm concerned far better reason for a root password than "security", and that's being able to quickly login as root on a virtual console when there's a problem with your user account so as to fix it from there. For example having typoed /etc/suoers. Yes, responders in this thread know how to e.g. boot into a root shell as well but Ctrl-Alt-F1 is a heck of a lot more convenient (and instructing users on e.g. this forum to do so quite certainly is).

Second, while decidedly not into security-paranoia generally, and to add to Moem's reply, it's not only those who "aren't good lockpickers" that a flimsy lock protects against; probably more than 99% of passers-by would not consider picking any lock, flimsy or not, whereas quite a few more would consider an unlocked bike an invitation and moral justification.

Thirdly and although admittedly at that point quickly more a user-password argument, back into the computer context we add in those who don't in fact have any intention of stealing the bike / breaching the computer but are simply incompetent. This is the sense in which an extremely and quite explicitly flimsy lock has been completely effective in protecting both my Linux systems and the Windows system they themselves use against a bunch of children for the better part of a decade now. The "password" is little more than a reminder they're about to do something I may not want them to; when it pops they call out to me...

As always, computer security for home-users is overwhelmingly not technology but psychology: I in that home-user context don't tend to buy the layering-argument even if only since just one layer tends to be enough to keep out those without explicitly bad intentions. If that's not already basically everyone with physical access to your computer you have bigger problems in/with your life than computer-passwords.
jjberk
Level 1
Level 1
Posts: 10
Joined: Wed Dec 23, 2015 2:49 pm

Re: Set The Root Password "Nag Screen"

Post by jjberk »

The warning about the root password is fine by me if correct. However, it showed up for me as well, and I DID set the root password. I think there is room for improvement here...
rene
Level 16
Level 16
Posts: 6693
Joined: Sun Mar 27, 2016 6:58 pm

Re: Set The Root Password "Nag Screen"

Post by rene »

Seconded, but it's going to be an issue to check if a root password is set without in fact becoming root first. I.e, I'd chalk that one up to "usability issue".
User avatar
smurphos
Level 17
Level 17
Posts: 7332
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher
Contact:

Re: Set The Root Password "Nag Screen"

Post by smurphos »

jjberk wrote:
Thu Dec 19, 2019 6:34 am
The warning about the root password is fine by me if correct. However, it showed up for me as well, and I DID set the root password. I think there is room for improvement here...
It doesn't check - as provided it is simply informational. Whether you have already set a root password, don't set a root password, or follow the advice to set a root password the warning will remain until you hit the 'I understand' button. Various people have reported during the beta that we think the feature is not worth having in this form (or at all in gm10's case) but we've got it and it will undoubtedly be the source of numerous forum queries in the months ahead.
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
User avatar
Moem
Level 20
Level 20
Posts: 11954
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Set The Root Password "Nag Screen"

Post by Moem »

smurphos wrote:
Thu Dec 19, 2019 6:51 am
jjberk wrote:
Thu Dec 19, 2019 6:34 am
The warning about the root password is fine by me if correct. However, it showed up for me as well, and I DID set the root password. I think there is room for improvement here...
It doesn't check - as provided it is simply informational.
Or, in some cases, disinformational. Oh well. *clicks I understand*
I think a better text for that button would be 'don't show again'.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
gm10
Level 20
Level 20
Posts: 10999
Joined: Thu Jun 21, 2018 5:11 pm

Re: Set The Root Password "Nag Screen"

Post by gm10 »

smurphos wrote:
Thu Dec 19, 2019 6:51 am
Various people have reported during the beta that we think the feature is not worth having in this form (or at all in gm10's case) but we've got it and it will undoubtedly be the source of numerous forum queries in the months ahead.
Well, as you know my opposition was mainly about the expected confusion caused by the way it is being presented. Clem said he meant it to be informational, so I had suggested to put it on the welcome screen instead of creating a sense of urgency with that indiscriminate notification icon. But it is true that if it had been up to me I would not have added it anywhere, it does not add any value to the average user.

And for the record, I've always had a root password set myself as well, there is nothing wrong with doing that. I just entirely disagree with the reasoning presented in the nag screen.
Post Reply

Return to “Software & Applications”