So, we are clearly talking about different environments here. Of course I would not have a password for root in an enterprize setting where you have a lot of different people managing one machine. But for your regular desktop computer with one user, it just complicates things needlessly without providing any benefits.
Your home network is certainly less of a security risk due to both being a smaller target and (usually) needing to have fewer services available or ports open, so I would agree with you it’s acceptable for security to be more lax. Personally, I don’t find sudo to be less convenient than su; it’s even saved me from thoughtlessly running a dangerous command a time or two. Also, I try to keep my home network setup close to my work network until doing so gets in the way. If nothing else, this prevents me from getting used to a different way of doing things.
However, it’s your network. If you find that your way works better for you, by all means, configure your system in whatever way seems best to you!
How did we arrive at networking? I feel like we are on two completely different pages.
I was talking about your regular end user machines, what we usually call “desktop computers”. They are connected to the internet, but I don’t have any way to remotely login into those. And I have a single person per computer. There is no need to disable root passwords on these, seeing that Larry executed a command as root won’t provide any insight, I know that Larry is the only person who uses the machine. And it can complicate things in a sense that if Larry fatfingers his password three times and gets locked out, I’ll have to get into his filesystem somehow and remove tallies manually instead of just logging in as root and doing faillock --reset.
Sorry if I was unclear; what you’re saying is kind of my point. A computer without networking can still have risks, but they’re a lot lower. The standards of security can change with conditions. If you have a computer on an enterprise network, it should be very secure; if on your home network, more cavalier standards can make sense. If you have a computer without any networking whatsoever, being compromised is not impossible, but it’s much less likely unless you’re storing something quite extraordinary on the system. That’s why I referenced networks while talking about the configured security of an individual system. In general, I believe I was broadly agreeing with you.
So, we are clearly talking about different environments here. Of course I would not have a password for root in an enterprize setting where you have a lot of different people managing one machine. But for your regular desktop computer with one user, it just complicates things needlessly without providing any benefits.
Your home network is certainly less of a security risk due to both being a smaller target and (usually) needing to have fewer services available or ports open, so I would agree with you it’s acceptable for security to be more lax. Personally, I don’t find
sudoto be less convenient thansu; it’s even saved me from thoughtlessly running a dangerous command a time or two. Also, I try to keep my home network setup close to my work network until doing so gets in the way. If nothing else, this prevents me from getting used to a different way of doing things.However, it’s your network. If you find that your way works better for you, by all means, configure your system in whatever way seems best to you!
How did we arrive at networking? I feel like we are on two completely different pages.
I was talking about your regular end user machines, what we usually call “desktop computers”. They are connected to the internet, but I don’t have any way to remotely login into those. And I have a single person per computer. There is no need to disable root passwords on these, seeing that Larry executed a command as root won’t provide any insight, I know that Larry is the only person who uses the machine. And it can complicate things in a sense that if Larry fatfingers his password three times and gets locked out, I’ll have to get into his filesystem somehow and remove tallies manually instead of just logging in as root and doing
faillock --reset.Sorry if I was unclear; what you’re saying is kind of my point. A computer without networking can still have risks, but they’re a lot lower. The standards of security can change with conditions. If you have a computer on an enterprise network, it should be very secure; if on your home network, more cavalier standards can make sense. If you have a computer without any networking whatsoever, being compromised is not impossible, but it’s much less likely unless you’re storing something quite extraordinary on the system. That’s why I referenced networks while talking about the configured security of an individual system. In general, I believe I was broadly agreeing with you.