Kali Default Non-Root User

For years now, Kali has inherited the default root user policy from BackTrack. As part of our evaluation of Kali tools and policies we have decided to change this and move Kali to a “traditional default non-root user” model. This change will be part of the 2020.1 release, currently scheduled for late January. However, you will notice this change in the weekly images starting now.

The History of Default Root User

In the beginning, there was BackTrack. In its original form, BackTrack (v1-4) was a Slackware live-based distro intended to be run from a CD-ROM. Yes, we do go back a ways (2006!).

In this model, there was no real update mechanism, just a bunch of pentesting tools living in the /pentest/ directory that you could use as part of assessments. It was the early days, so things were not very sophisticated; we were just all happy things worked. A lot of those tools back then either required root access to run or ran better when run as root. With this operating system that would be run from a CD, never be updated, and had a lot of tools that needed root access to run, it was a simple decision to have an “everything as root” security model. It made complete sense for the time.

As time went by, however, there were a number of changes. All of us that were around back then sort of remember things a little differently, but on the broad strokes we saw people were installing BackTrack on bare metal, so we felt like there should be an update mechanism. Especially after walking around Defcon and noticing how many people were using a version of BackTrack that was vulnerable to a certain exploit which came out a few weeks prior. That moved us to basing BackTrack 5 off of Ubuntu instead of Slackware live (February 2011). Then, as more time went by, we were so busy fighting with Ubuntu that we felt like we needed to move on to something else.

That brought us to Kali, and being an official Debian derivative.

Modern Kali

Our move to be a Debian derivative brought with it a whole host of advantages. So many, in fact, it's not worth reviewing them here; just look at the early Kali blog posts shortly after the launch and you will see a ton of examples. But one advantage that we never really talked too much about is the fact that we are based on Debian-Testing.

Debian has a well earned reputation for being one of the most stable Linux distros out there. Debian-Testing is the development branch of the next version of Debian, and realistically is still more stable than many mainstream Linux distros.

While we don’t encourage people to run Kali as their day to day operating system, over the last few years more and more users have started to do so (even if they are not using it to do penetration testing full time), including some members of the Kali development team. When people do so, they obviously don’t run as default root user. With this usage over time, there is the obvious conclusion that default root user is no longer necessary and Kali will be better off moving to a more traditional security model.

Kali Linux to Default to Non-Root User With 2020.1 Release

    The Kali Linux distribution is going to switch to a new security model by defaulting to a non-root user starting with the upcoming 2020.1 release.

    This change will come with the release of the 2020.1 version scheduled for late January 2020, but users can already test it via the daily builds.

    They will also be able to test it by downloading and running the weekly images released until Kali 2020.1 is officially available.

    "New year is a good time for major changes, and in that spirit we would like to announce a major change in the Kali security model releasing in the upcoming 2020.1 release - Default Non-Root User," the Kali Linux team announced on Twitter.

Kali Linux Will No Longer Have The Default Root User

    Kali Linux is a specialized Linux distribution for cyber security testing and hacking related tasks.

    If you’ve used Kali Linux, you probably know that it followed a default root user policy. In other words, you are always root in Kali Linux. Whatever you do – you will be accessing tools/applications as root by default.

    It looks like everything back then was kind of “root for all” for everything. So, the default root user policy existed.

Kali Linux Will Have A Default Non-Root User With 2020.1 Release

    Like most other distributions, Kali Linux will soon have a default non-root user. The ethical hacking and penetration testing operating system will be switching from the “everything as root” security model to the new one precisely with the upcoming 2020.1 release.

    The release is currently scheduled for late January. However, users can already test it via the daily builds. The change will be part of the next weekly build too, the developers said.

    So what exactly prompted the team to switch to the new security model? “While we don’t encourage people to run Kali as their day to day operating system, over the last few years more and more users have started to do so (even if they are not using it to do penetration testing full time), including some members of the Kali development team. When people do so, they obviously don’t run as default root user,” explained Kali team lead Jim O’Gorman.
