What happens to root then?

What happens to root then?

Nobody gets the root password. Being root (if necessary at all) requires a shell started by init on the console. That's how I have my home desktop machine set up: no passwords, physical access is necessary and sufficient for everything (except ssh identity, of course, which is protected on disk with a passphrase). The root password is untypable, but there are root shells started automatically on virtual consoles. So root access is protected by requiring the actual keyboard. If I were setting this up for distribution, I'd also make the root account inconvenient for running non-maintenence programs (e.g., remove /usr/X11R6/bin from root's path).

In most desktop situations, it's impossible and unnecessary to secure the system against people with physical access, and vital to secure it against remote attackers; but it's also unnecessary to permit remote users at all and inconvenient to support them usefully anyway (Mom hangs up the modem and turns off the computer when she's done).

It would be interesting to design an package management tool which could be run on a virtual console out of init in a way that end users could handle easily.