6

Since a few days I've a new laptop running Ubuntu Linux. During the installation I had to create my own user account. After rebooting, I saw, that the manufacture created a second user called oem (original equipment manufacturer) which has admin rights.

Is there any reason to keep the second account since I'm using only my own.

user3147268
  • 209
  • 3
  • 7

2 Answers2

6

TL;DR Yes, delete the OEM account.

Before you delete the OEM account, check if you are in the sudo group

groups

Sample output:

% groups
a_user_name daemon adm cdrom sudo dip plugdev fuse lpadmin sambashare docker sbuild

  • If you are in the sudo group, remove the OEM account

    sudo userdel --remove --selinux-user oem

  • If not, follow these steps

    1. Boot into the GRUB menu

      Press and hold the left Shift key during boot.

    2. Start the recovery mode

      Select the entry recovery mode

    3. Open the root console

      Select the entry root

    4. Remount the root partition

      mount -o rw,remount /

    5. Add your user in the group sudo

      usermod -a -G sudo <your_user>

    6. Continue the boot process

      Press Ctrl+C

A.B.
  • 89,123
  • 21
  • 245
  • 323
3

For security reasons, I suggest you delete the OEM's account and change the root password. You can delete the OEM's account with sudo userdel accountlogin and change the root password with sudo passwd

To consider the possibility that the OEM may have enabled the root account, perhaps a better alternative is to disable the root account altogether with sudo passwd -ld root More info here

Fabby
  • 34,341
  • 38
  • 97
  • 191
Sergiy Kolodyazhnyy
  • 103,293
  • 19
  • 273
  • 492
  • 1
    Ubuntu (for weird reasons) doesn't have a root account (with password) by default, so if a password is set you can [disable it](https://help.ubuntu.com/community/RootSudo#Re-disabling_your_root_account) – Wilf Jun 07 '15 at 16:16
  • I also thought about security, since the account isn't password protected by default and the laptop is booting everytime in this account which requires me to logout and login to my custom account. But the oem's account is usually not connected to any interal processes of the operating system, right? – user3147268 Jun 07 '15 at 16:17
  • @Wilf there's root account on every *nix system ! In Ubuntu the password is simply hidden from the user upon installation for security reasons. – Sergiy Kolodyazhnyy Jun 07 '15 at 16:22
  • @user3147268 I don't question the oem's credibility, but if you have remote connection like ssh or telnet enabled, then oem may login remotely into your machine. This is why I suggested removing the account and changing root password. Your machine must be fully owned by you, that's my opinion at least – Sergiy Kolodyazhnyy Jun 07 '15 at 16:24
  • That's a good objection. I've planned this anyway but I'm only asking for the sake of not knowing any corellations that could cause problems after the deletion. – user3147268 Jun 07 '15 at 16:28
  • @user3147268 well , if there's any programs owned by oem or scripts, then that is easily fixable by changing ownership to yourself with `chown yourusername:yourusergroup filename`. Otherwise , I don't see any possible issues – Sergiy Kolodyazhnyy Jun 07 '15 at 16:33
  • is there a fast way / shell script to see wether a programm belongs to the oem's account? – user3147268 Jun 07 '15 at 16:37
  • I'd say `find / -user oemusername -ls` should do the trick. Where / is the root directory. Find will descend from root directory into others and list all the files that belong to user specified by `-user` flag. `-ls` is optional, it simply shows output in the format similar to `ls -l` . If there is a lot of files, use ` | less` at the end or output that to file with ` > filename.txt` at the end. – Sergiy Kolodyazhnyy Jun 07 '15 at 16:44
  • 1
    @Serg - I know :D - "...doesn't have a root account (*with password*) by default". Disabling/Changing the root account should work, but you may want to check for authorized SSH keys in `~/.ssh` as well (or remove the installed server package), as those don't need password authentication. – Wilf Jun 07 '15 at 18:02
  • @Wilf Yup, that would be another point to consider – Sergiy Kolodyazhnyy Jun 07 '15 at 18:04
  • @Serg In Ubuntu there is no root password. It is not hidden, it just is not set. You can't login as root to Ubuntu. Advice to change root password is not very good. OP can find a way to do it and will enable root account. – Pilot6 Jun 07 '15 at 18:56
  • @Pilot6 My suggestion is not aimed at enabling root account, but rather considering possibility that oem may have enabled it. Perhaps Wilf's idea is slightly better - instead of changing the password, disable it. I'll edit my answer to include that – Sergiy Kolodyazhnyy Jun 07 '15 at 19:08
  • 1
    @Serg (in reply to an earlier comment) Do mistrust the OEM's reliability! I've heard the Emperor Linux sets up their machines with the root account and then leaves it enabled. Install an ssh server and bam, you'll have people brute forcing the root account (iirc `PermitRootLogin` is by default set to `yes` in the config). Don't trust that just because they are an OEM that they do things the right way™. – Seth Jun 08 '15 at 01:59