Как отключить пароль в ubuntu
Перейти к содержимому

Как отключить пароль в ubuntu

  • автор:

Отключение запроса пароля при входе через GDM/LightDM для некоторых пользователей

Если пользователей несколько и нужно сделать вход без пароля для всех, т.е. выбор учётки и вход по Enter, то следует добавить нужных пользователей в соответствующую группу:

Ubuntu 10.04 и последующие версии

Начиная с Ubuntu 10.04 в свойствах пользователя появилась возможность разрешить вход в систему без пароля. Для того, чтобы воспользоваться этой возможностью, загляните в меню Система→Администрирование→Пользователи и группы

Ручное изменение конфигурации (Ubuntu 9.10 и старше)

Открываем и редактируем файл /etc/pam.d/gdm командой:

Добавляем в файл следующую строку:

Должен получиться файл примерно следующего содержания:

Сохраняем изменения Ctrl + Shift и закрываем редактор.

Затем создаем файл /etc/X11/gdm/nopassusers.txt для этого вводит в терминал команду:

В файл необходимо занести имена пользователей, которые могут входить без пароля, каждый пользователь в новой строке. Пример:

При входе в систему — один щелчок по иконке пользователя, пароль вводить не требуется.

How to disable login password [duplicate]

I am the only user on my PC and do not want to enter my password. How do I disable? I do not want to enter a password every time my screen saver starts or I install any aps.

Ravexina's user avatar

2 Answers 2

You can disable the password lock from the screen saver by opening a terminal and running gsettings set org.gnome.desktop.screensaver lock-enabled false .

Open the terminal window by pressing Ctrl + Alt + T and run the command:

Find the line that says:

And change it to:

Save and exit the file

I must warn you though that disabling all security prompts could pose a major security risk and is extremely inadvisable.

ubuntu снять пароль

Поставил на старый ноут ubuntu 10.04, поставил кодеки на видео, и отправил на дачу деду фильмы смотреть. А там каждый раз включается экран блокировки и просит ввести пароль, надо объяснить по телефону как его снять. С задачей открыть терминал и ввести passwd хоть и за пол часа, но дед справился. Но passwd просит пароль не менее 6-ти символов, а надо бы его вобще снять(на безопасность пофигу). И еще желательно вовсе отключить экран блокировки.

> С задачей открыть терминал и ввести passwd хоть и за пол часа, но дед справился. Но passwd просит пароль не менее 6-ти символов

sudo passwd username

В таком варианте должен забить болт на количество символов

Экран блокировки — это в настройках скринсейвера, если я верно понял.

1. Alt-F1 -> System -> Preferences -> Screensaver.
2. Снять галочку «требовать пароль».

sudo apt-get purge gnome-screensaver

Причём здесь смена пароля пользователя?

Делаем автоматический вход:

Система — Администрирование — Экран входа в систему — Автоматически войти под именем пользователя

Отключаем запрос пароля при просывание или скринсейвере:

Параметры — Хранитель экрана —Снять галочку Блокироввать экран при активном х.э.

И навсякий Alt+f2 — gconf-editor — ищем gnome-power-manager — lock

и отключаем hibernate и suspend

Спасибо. Проблема решилась настройкой скринсервера
Кстати при указании имени пользователя в passwd он забивает болт на длинну пароле, но пустой пароль поставить нельзя

не ставьте пустого пароля! Лучше запретите ввода его в скринсейвере и настройте автологин

> при указании имени пользователя в passwd он забивает болт на длинну пароле, но пустой пароль поставить нельзя

пустой пароль ставится редактированием файла /etc/shadow , что-то вроде

> Кстати при указании имени пользователя в passwd он забивает болт на длинну пароле, но пустой пароль поставить нельзя

> пустой пароль ставится редактированием файла /etc/shadow , что-то вроде

User Management

User management is a critical part of maintaining a secure system. Ineffective user and privilege management often lead many systems into being compromised. Therefore, it is important that you understand how you can protect your server through simple and effective user account management techniques.

Where is root?

Ubuntu developers made a conscientious decision to disable the administrative root account by default in all Ubuntu installations. This does not mean that the root account has been deleted or that it may not be accessed. It merely has been given a password hash which matches no possible value, therefore may not log in directly by itself.

Instead, users are encouraged to make use of a tool by the name of ‘sudo’ to carry out system administrative duties. Sudo allows an authorized user to temporarily elevate their privileges using their own password instead of having to know the password belonging to the root account. This simple yet effective methodology provides accountability for all user actions, and gives the administrator granular control over which actions a user can perform with said privileges.

If for some reason you wish to enable the root account, simply give it a password:

Sudo will prompt you for your password, and then ask you to supply a new password for root as shown below:

To disable the root account password, use the following passwd syntax:

You should read more on Sudo by reading the man page:

By default, the initial user created by the Ubuntu installer is a member of the group sudo which is added to the file /etc/sudoers as an authorized sudo user. If you wish to give any other account full root access through sudo, simply add them to the sudo group.

Adding and Deleting Users

The process for managing local users and groups is straightforward and differs very little from most other GNU/Linux operating systems. Ubuntu and other Debian based distributions encourage the use of the ‘adduser’ package for account management.

To add a user account, use the following syntax, and follow the prompts to give the account a password and identifiable characteristics, such as a full name, phone number, etc.

To delete a user account and its primary group, use the following syntax:

Deleting an account does not remove their respective home folder. It is up to you whether or not you wish to delete the folder manually or keep it according to your desired retention policies.

Remember, any user added later on with the same UID/GID as the previous owner will now have access to this folder if you have not taken the necessary precautions.

You may want to change these UID/GID values to something more appropriate, such as the root account, and perhaps even relocate the folder to avoid future conflicts:

To temporarily lock or unlock a user password, use the following syntax, respectively:

To add or delete a personalized group, use the following syntax, respectively:

To add a user to a group, use the following syntax:

User Profile Security

When a new user is created, the adduser utility creates a brand new home directory named /home/username . The default profile is modeled after the contents found in the directory of /etc/skel , which includes all profile basics.

If your server will be home to multiple users, you should pay close attention to the user home directory permissions to ensure confidentiality. By default, user home directories in Ubuntu are created with world read/execute permissions. This means that all users can browse and access the contents of other users home directories. This may not be suitable for your environment.

To verify your current user home directory permissions, use the following syntax:

The following output shows that the directory /home/username has world-readable permissions:

You can remove the world readable-permissions using the following syntax:

Note

Some people tend to use the recursive option (-R) indiscriminately which modifies all child folders and files, but this is not necessary, and may yield other undesirable results. The parent directory alone is sufficient for preventing unauthorized access to anything below the parent.

A much more efficient approach to the matter would be to modify the adduser global default permissions when creating user home folders. Simply edit the file /etc/adduser.conf and modify the DIR_MODE variable to something appropriate, so that all new home directories will receive the correct permissions.

After correcting the directory permissions using any of the previously mentioned techniques, verify the results using the following syntax:

The results below show that world-readable permissions have been removed:

Password Policy

A strong password policy is one of the most important aspects of your security posture. Many successful security breaches involve simple brute force and dictionary attacks against weak passwords. If you intend to offer any form of remote access involving your local password system, make sure you adequately address minimum password complexity requirements, maximum password lifetimes, and frequent audits of your authentication systems.

Minimum Password Length

By default, Ubuntu requires a minimum password length of 6 characters, as well as some basic entropy checks. These values are controlled in the file /etc/pam.d/common-password , which is outlined below.

If you would like to adjust the minimum length to 8 characters, change the appropriate variable to min=8. The modification is outlined below.

Note

Basic password entropy checks and minimum length rules do not apply to the administrator using sudo level commands to setup a new user.

Password Expiration

When creating user accounts, you should make it a policy to have a minimum and maximum password age forcing users to change their passwords when they expire.

To easily view the current status of a user account, use the following syntax:

The output below shows interesting facts about the user account, namely that there are no policies applied:

To set any of these values, simply use the following syntax, and follow the interactive prompts:

The following is also an example of how you can manually change the explicit expiration date (-E) to 01/31/2015, minimum password age (-m) of 5 days, maximum password age (-M) of 90 days, inactivity period (-I) of 30 days after password expiration, and a warning time period (-W) of 14 days before password expiration:

To verify changes, use the same syntax as mentioned previously:

The output below shows the new policies that have been established for the account:

Other Security Considerations

Many applications use alternate authentication mechanisms that can be easily overlooked by even experienced system administrators. Therefore, it is important to understand and control how users authenticate and gain access to services and applications on your server.

SSH Access by Disabled Users

Simply disabling/locking a user password will not prevent a user from logging into your server remotely if they have previously set up SSH public key authentication. They will still be able to gain shell access to the server, without the need for any password. Remember to check the users home directory for files that will allow for this type of authenticated SSH access, e.g. /home/username/.ssh/authorized_keys .

Remove or rename the directory .ssh/ in the user’s home folder to prevent further SSH authentication capabilities.

Be sure to check for any established SSH connections by the disabled user, as it is possible they may have existing inbound or outbound connections. Kill any that are found.

Restrict SSH access to only user accounts that should have it. For example, you may create a group called “sshlogin” and add the group name as the value associated with the AllowGroups variable located in the file /etc/ssh/sshd_config .

Then add your permitted SSH users to the group “sshlogin”, and restart the SSH service.

External User Database Authentication

Most enterprise networks require centralized authentication and access controls for all system resources. If you have configured your server to authenticate users against external databases, be sure to disable the user accounts both externally and locally. This way you ensure that local fallback authentication is not possible.

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *