extends: post.liquid
title: Don't set an empty root password on Chrome OS
date: 04 Mar 2014 16:41:00 +0100
path: /:year/:month/:day/don-t-set-an-empty-root-password-on-chrome-os
route: blog
---

So I got this [Chromebook][chromebook-post] in Developer Mode and wanted to set
a root password to atleast protect it a little.

Easy:

~~~bash
sudo chromeos-setdevpasswd
~~~

Oh, wait. You pressed enter twice here? Backup your data and reset the device.

This is what `chromeos-setdevpasswd` does:

~~~bash
#!/bin/sh

mkdir -p /mnt/stateful_partition/etc
echo "chronos:$(openssl passwd -1)" > /mnt/stateful_partition/etc/devmode.passwd
~~~

openssl does not care that you just used an empty password, atleast if you also verify it.
But so do `su` and `sudo`, which means you won't be able to get root rights again.

But it's Chrome OS after all, so most things are stored in your Google profile
anyway, resetting and restoring the thing is done easily.

[chromebook-post]: http://fnordig.de/2014/03/03/samsung-chromebook-a-short-review/