Why there is no password to root under Recovery Mode?

Question

I am trying to understand this situation... Today I got a problem with de sudoers file since I modified and got problem whit this modification. So the only way to solve the problem was to modify the file using root in Recovery Mode.

And there is where the problem start.... no password was asked at all... so, just by choosing 2 options (Recovery Mode in Grub and Root in Recovery Mode), I've got access to all my system and all his files as a root.

This is very dangerous ! Anyone could easily erase important files or simply broke the entire system without any password/password/....

Is there any official communicate by Canonical about this ? It is simply an old forget feature or just something that no one want to change just because they don't want to ?

Answer 1

It's not a bug, it's a feature. Anyone with physical access to the machine can get your data and/ or modify it unless your partitions are encrypted.

Consider this case: you can boot a Live CD and be able to read and modify data without issues.

Another one: someone could open the case, take the disk out of it and plug it in another machine (USB dock, eSATA, etc.). Then it's again easy to read and modify the data.

If you want to disable creation of the recovery entry, edit /etc/default/grub, uncomment the GRUB_DISABLE_RECOVERY="true" line by removing the leading # character and run sudo update-grub. However, this does not make it impossible to boot into recovery mode since you can still edit the boot options by pressing E on an entry and add single to the kernel line.

The only way to protect against such an attack is by encrypting your whole disk using LUKS. I strongly recommend to do that especially for mobile devices such as a notebook. See How to truly secure a hard-drive?

Answer 2

Considering this is an old topic, being able to go into Recovery Mode & rooting saved my Desktop multiple times from crashes, corrupted driver installs (gpu) or any other problems where my desktop environment just wouldn't load at all.

I understand your concern, but you are overthinking it.

Like others in this topic said, anyone with physical access to the PC can do anything with it just by simply using an USB with ubuntu installed on it and they can access everything that's not encrypted.

Imagine other circumstances for example, a company had to lay off a system administrator, what if he changed passwords without telling the management about it and suddenly your new system administrator has no access to the entire system because the password has been changed and the person who did it is not responding. (It's hypothetical but very much possible and yes it does happen!)

There is probably SOME way to do this, I am not aware of one though, but considering all the factors, it is very much not necessary.

Point being, if you want to keep your files save, encrypt them and restrict physical access to the PC to only necessary administrators.

Most regular "newbies" to Linux probably wouldn't even know what to do with it, and if they did, you will probably find out if something doesn't work anymore or whatever and appropriate actions should be taken against that person.

I hope this answer helps others who come here.