Kali Linux is a specialized Linux distribution for cyber security testing and hacking-related tasks.
If you’ve used Kali Linux, you probably know that it followed a default root user policy. In other words, you are always root in Kali Linux. Whatever you do – you will be accessing tools/applications as root by default.
It looks like, back then, the approach was “root for all” for everything, which is why the default root user policy existed.
They also explained the history for this in their announcement post:
A lot of those tools back then either required root access to run or ran better when ran as root. With this operating system that would be ran from a CD, never be updated, and had a lot of tools that needed root access to run it was a simple decision to have a “everything as root” security model. It made complete sense for the time.
Kali Linux will now have a default non-root user (like most other distributions)
A default non-root model was necessary because a lot of users now use Kali Linux as their daily driver.
Of course, they do not recommend using Kali Linux as a replacement for stable distributions like Ubuntu/Fedora/Manjaro – however, with its active development, some users do consider using it on a day-to-day basis instead of just using it for its tools.
So, with the distro now in wide mainstream use, the Kali Linux team decided to switch to a default non-root model, because nowadays a lot of applications/tools do not require root access.
While we don’t encourage people to run Kali as their day to day operating system, over the last few years more and more users have started to do so (even if they are not using it to do penetration testing full time), including some members of the Kali development team. When people do so, they obviously don’t run as default root user. With this usage over time, there is the obvious conclusion that default root user is no longer necessary and Kali will be better off moving to a more traditional security model.
So I am reiterating that you should not consider Kali Linux to be fit for your daily tasks if you do not utilize security-related Kali Linux tools. Feel free to experiment – but I wouldn’t be so sure to rely on it.
So from the next release, when you install Kali Linux, you’ll be asked to create a non-root user that will have admin privileges. Tools and commands that require root access will be run with sudo.
New default user and password for Kali Linux live mode
Technically, you won’t find a groundbreaking difference. Just note that the default user ID and password in live mode are both “kali”.
You can find the new non-root model implemented in the new daily/weekly builds if you want to test it early.
In either case, you can wait for the 2020.1 release scheduled for late January to take a look at the new default non-root user model.
Getting back the old root model in Kali Linux
If you are a long-time Kali Linux user, you may not find it convenient to add sudo before commands and then manually enter the password.
The good news here is that you can still get the old password-less root rights with this command:
sudo dpkg-reconfigure kali-grant-root
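To check which accounts actually hold password-less sudo after a change like this, the script below scans sudoers-format text for NOPASSWD rules and marks whether each one covers all commands or only some. It is an added example, not code from the original article or from the Kali project; the sample policy and the user and group names in it are constructed.

```shell
#!/bin/sh
# Added example: list sudoers rules that grant password-less sudo.
# Input: sudoers-format text on stdin.
# Output: one line per rule, tab-separated: scope, who, rule text.
#   scope = "all"     -> NOPASSWD covers every command (password-less root)
#   scope = "limited" -> NOPASSWD covers only the listed commands
nopasswd_rules() {
  awk '
    # Join physical lines that end in a backslash (sudoers continuation).
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
    { line = buf $0; buf = "" }
    # Skip comments and blank lines (#include directives grant nothing themselves).
    line ~ /^[ \t]*(#|$)/ { next }
    # Skip Defaults settings and alias definitions; they are not user rules.
    line ~ /^[ \t]*(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)/ { next }
    line ~ /NOPASSWD[ \t]*:/ {
      $0 = line                      # re-split so $1 is the user or %group
      scope = (line ~ /NOPASSWD[ \t]*:[ \t]*ALL[ \t]*(,|$)/) ? "all" : "limited"
      printf "%s\t%s\t%s\n", scope, $1, line
    }
  '
}

# Constructed sample input; the group and user names are hypothetical.
sample_sudoers() {
  cat <<'EOF'
# constructed sample, not taken from a real system
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
%lab-trusted ALL=(ALL:ALL) NOPASSWD: ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync, \
    /usr/bin/tar
EOF
}

# Demo on the sample. On a real host, feed it the live policy instead:
#   sudo cat /etc/sudoers /etc/sudoers.d/* | nopasswd_rules
sample_sudoers | nopasswd_rules
```

Any rule reported with scope "all" means a compromise of that account is a compromise of root without a password prompt.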
What do you think about the default non-root user model? Is it a good decision? Let me know your thoughts in the comments.