Post #204,577
4/24/05 5:26:19 PM
|
Ubuntu question...
... why does it disable root access at installation? I mean, it doesn't even let you set the root password... it skips over the entire thing and goes straight to setting up a user account.
"We are all born originals -- why is it so many of us die copies?"
- Edward Young
|
Post #204,580
4/24/05 5:54:28 PM
|
My guess is that it assumes a primary user.
Note that in the menu system under "System Tools" is a "Root Terminal" where you will asked (again) for the password. That's where I go to do apt-gets.
Alex
The trouble with the world is that the stupid are cocksure and the intelligent are full of doubt. -- Bertrand Russell
|
Post #204,584
4/24/05 6:25:31 PM
|
Yeah, but
the password I have to type in is identical to my account password.
And I had to google to find that -- it didn't even *tell* me that's what was going on during the install...
"We are all born originals -- why is it so many of us die copies?"
- Edward Young
|
Post #204,581
4/24/05 5:59:03 PM
|
Main reason: Ideaology
Additionally it is a security feature.
It is the same way with a MAC. well sorta.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
[image|http://www.danasoft.com/vipersig.jpg||||]
|
Post #204,583
4/24/05 6:24:40 PM
|
Security feature?
Basically it sets your su password to your account login. I don't see how this is any different from just logging in as root all the time... which I always thought was a bad thing.
"We are all born originals -- why is it so many of us die copies?"
- Edward Young
|
Post #204,586
4/24/05 6:52:17 PM
|
Here's what it does...
It sets up a user account. It assumes that will be the primary user (but IIRC, it also lets you set up more than one user.)
The root account is not disabled.
The system sets you up as an "sudoer" (look in /etc/sudoers.) With that privilege, if you need to act as root for something (like upgrading packages), you are expected to sudo su -. Because you're a member in good standing of sudoers, you are required to type in your password. This way, the root password is never needed. Note: This works the same even on systems with a real root password -- users who are sudoers need to enter their own password to do a sudo <anything>
-YendorMike
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
- Benjamin Franklin, 1759 Historical Review of Pennsylvania
|
Post #204,588
4/24/05 6:59:05 PM
|
ohhhhh... thanks for explaining that
That's interesting. I'd never heard of such a thing.
"We are all born originals -- why is it so many of us die copies?"
- Edward Young
|
Post #204,597
4/24/05 8:22:47 PM
|
Re: Ubuntu question...
I just ran into this after doing a default install of Hoary Hedgehog. The folks on #ubuntu (irc.freenode.net) gave the following answer at least three times within the few minutes I was there today. sudo passwd root\n (and then using your own password first) fixes the problem of not knowing the root password.
|
Post #204,670
4/25/05 7:26:40 AM
|
I'd recommend not doing this.
And here's why.
If root has a password, and you've not disabled remote root logins, and you haven't disabled any crashy/buggy services that run as root and which could be compromised to get a shell, then an attacker doesn't even have to think about the username and can move swiftly on to the password part of things.
If you have a sensible username, then the attacker has to go through the hoops of finding a username to compromise, hoping it's in /etc/sudoers, and then hoping also that he can crack the password.
There's no such thing as total security, obviously (well, there is, but it involves your computer being in a locked, booby-trapped box at the bottom of the Marianas trench with a sign saying "Beware of the tiger" on the door[0]) but it seems silly to me to not use an obvious security feature like this.
Other benefits of using the sudo approach include not inadvertently still being root when you're rather not be (people like me who "sudo su" deserve everything they get) and also only having the one password to remember so, therefore you can make it much stronger.
It's horses for courses, naturally. Some people really find the sudo method extremely intrusive. Personally, I like it.
[0]With apologies to DNA
Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
|
Post #204,679
4/25/05 8:21:34 AM
|
A good point
Hadn't thought about it that way.
It's sounds good enough to me that I may set this up myself on my existing systems - I'll leave my day-to-day user account out of it, though. No, I don't trust my 'fumble fingers', and I detest the 'oh-shit-second'...
[link|http://www.runningworks.com|
] Imric's Tips for Living
- Paranoia Is a Survival Trait
- Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
- Even though everyone is out to get you, it doesn't matter unless you let them win.
|
Nothing is as simple as it seems in the beginning,
As hopeless as it seems in the middle,
Or as finished as it seems in the end.
|
|
Post #204,680
4/25/05 8:23:41 AM
|
sudo is really powerful
You can restrict the activities of users in many ways.
You could give yourself, say, the ability to change other users' passwords but not to run dpkg, for example.
Read the man page and documentation. The syntax of /etc/sudoers takes some getting used to, so be warned :-)
Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
|
Post #204,718
4/25/05 10:44:42 AM
|
Now that I've figured out that Sudo thing...
... I have to admit that Ubuntu is a very nice distribution. It's the only one that automatically configured my Pavilion's WXGA widescreen correctly.
Unfortunately, trying to use nidiswrapper on this thing is a BITCH. It recognizes the laptop's built-in wireless for half a second and then crashes the damn networking controls.
(It doesn't work at all if I'm using the AMD64 install. Apparently some people have managed to get the 64-bit drivers to work, and have managed to compile ndiswrapper as a 64 bit app. I haven't.)
So it's back to either Mepis or Xandros, which will eventually work with my laptop's screen nicely, if I edit the xconfig file a lot. *sigh*
But I will say that other than the momentary panic of not knowing what the hell sudo was, it is a nice distro!
"We are all born originals -- why is it so many of us die copies?"
- Edward Young
|
