Do I need to define the root password? AFAIK there isn’t one by default.
By default the CUPS system group is root (defined in /etc/cups/cups-files.conf), so the root password is applicable.
By default the root password is the same as the first user's password unless set differently.
Which I would strongly advise.
I believe there was an unchecked option to create separate root password in the installer.
Could you confirm this?
Also, could you describe the security benefits of a different password for root?
If my normal user with sudo privileges gets hacked it can still lead to privilege escalation, right?
Two different passwords increase security by default. root tasks/accounts should always be separated from normal user tasks/accounts. ONLY use elevated rights for really necessary administration tasks.
The standard setup under openSUSE is that you need to provide the root password for sudo. So if you have different passwords, a compromised user account does not lead to a privilege escalation as the root pw is still unknown to the attacker. Having the same pw for user and root makes it easier for an attacker to take over your machine.
I do not know if it is checked or unchecked by default. In any case the default leads to having the same password for root as for the user created at installation. It has been so for years already and is a pain in the … for many with any knowledge of Unix/Linux and security.
Oh, I did not know this. I always thought sudo asked for user password.
It seems to be the default after a cursory internet search, not sure how SUSE overrides this behavior, perhaps SUSE uses its own patched version of sudo?
@pavinjoseph the default is checked, but there is minimal configuration for sudo in openSUSE, as in not necessarily configured as on some other distributions. I think there were some sudo changes recently, but since it’s only ever used for one task here (building packages with osc), YMMV.
The question is: for which password.
In some configurations it asks for the password of the user typing the sudo command, to confirm it is still him and not some imposter that walks by.
In other configurations it asks for the root password. But when both are the same, it is then difficult to see the difference.
BTW, having the same password for root and that infamous user is not specific to sudo. (I never use sudo.) But it influences of course also sudo when used to “become root”.
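The following is an added example, not part of the thread: a small check that reads sudoers text and reports whether sudo will prompt for the invoking user's own password or for another account's. It relies on the sudoers Defaults flags `targetpw`, `rootpw` and `runaspw`; both sample files are constructed for illustration, and the function names are this example's own.

```python
import re

# sudoers Defaults flags that make sudo prompt for a password other than
# the invoking user's own (target user, root, or the runas_default user).
PW_FLAGS = ("targetpw", "rootpw", "runaspw")

def active_pw_flags(sudoers_text):
    """Return the PW_FLAGS enabled by global 'Defaults' lines.

    Simplifications assumed by this example: scoped entries such as
    'Defaults:alice' and included files are ignored, '#' always starts a
    comment, and a later line overrides an earlier one.
    """
    state = dict.fromkeys(PW_FLAGS, False)
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        m = re.match(r"Defaults\s+(.+)", line)     # global Defaults only
        if not m:
            continue
        for item in m.group(1).split(","):
            item = item.strip()
            name = item.lstrip("!").strip()
            if name in state:
                state[name] = not item.startswith("!")   # '!flag' disables
    return [f for f in PW_FLAGS if state[f]]

def asks_for_own_password(sudoers_text):
    """True when sudo authenticates with the invoking user's password."""
    return not active_pw_flags(sudoers_text)

# Constructed sample: every user may run sudo, but must know the password
# of the target account (root unless -u is given).
SAMPLE_TARGETPW = """\
Defaults env_reset
Defaults targetpw   # prompt for the target user's password
ALL ALL=(ALL) ALL
"""

# Constructed sample: members of wheel authenticate with their own password.
SAMPLE_USERPW = """\
Defaults env_reset, !targetpw
%wheel ALL=(ALL) ALL
"""

if __name__ == "__main__":
    for label, text in (("targetpw", SAMPLE_TARGETPW), ("userpw", SAMPLE_USERPW)):
        who = "own" if asks_for_own_password(text) else "other account's"
        print(f"{label}: sudo asks for the {who} password {active_pw_flags(text)}")
```

When the user and root share one password, both configurations accept the same secret, so this distinction only separates the accounts once the passwords differ.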
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.