The Kali Linux operating system, which is very well-known in the security industry, has released a version update announcement. If there is no accident, the project team will release the Kali Linux 2020.1 update later this month. It is also from this version that the operating system will no longer use the root account by default, and switch to the new security model.
The Kali Linux project team said: “As part of our evaluation of Kali tools and policies we have decided to change this and move Kali to a “traditional default non-root user” model. This change will be part of the 2020.1 release, currently scheduled for late January. However, you will notice this change in the weekly images starting now.”
The overall stability of Kali Linux has been getting higher and higher, which has also made more and more users use this operating system as the main operating system, although researchers or ordinary users are not encouraged to use Kali as the main operating system. But more and more users have indeed done so in the past few years, and their main use may not be penetration and security testing.
When people use Kali as the main operating system, they obviously do not need to run the root account, because most software and tools do not require root permissions. For this reason, the project team decided to change the security model in accordance with user needs. The root account is no longer the default account.
Next, Kali will guide the user to create a non-root account with administrator privileges for daily use during the installation phase. Of course, if the user needs root privileges, he can still switch to root privileges.
• Kali in live mode will be running as user
kali. No more
toor. (Get ready to set up your IDS filters, as we are sure this user/pass combo will be being scanned for by bots everywhere soon).
• On install, Kali will prompt you to create a non-root user that will have administrative privileges (due to its addition to the
sudogroup). This is the same process as other Linux distros you may be familiar with.
• Tools that we identify as needing root access, as well as common administrative functions such as starting/stopping services, will interactively ask for administrative privileges (at least when started from the Kali menu). If you really don’t care about security, and if you prefer the old model, you can install kali-grant-root and run
dpkg-reconfigure kali-grant-rootto configure password-less root rights.