[Nottingham] root/sudo
Paul Sladen
notlug at paul.sladen.org
Thu May 3 17:23:59 UTC 2012
On Tue, 1 May 2012, david at gbenet.com wrote:
> You wonder what kind of an person scrapped root?
Ubuntu includes a man page (information page) about the topic:
man sudo_root
When an Ubuntu user opens a terminal he following is printed:
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
user at machine:~$ _
(This message will continue to be shown until that user has activated
'sudo' at least once. Do 'rm ~/.sudo_as_admin_successful' to reset)
Most modern operating systems are designed with security in this way
(Mac OS X, Ubuntu, recent MS Windows). The user is identifying
themselves, instead of entering a shared secret.
For new users this is natural. For adminstrators of huge-scale
systems this is natural (you /really/ don't want a shared passwd
across a network the size of a university). Identify the user as who
they are (just like a user identifying themself at a cash machine by
using their own PIN) allows additional security measures to work, such
as fingerprint readers, or two-factor authenication mechanisms. [*]
I understand that 'sudo' may be "new" or "novel" for somebody coming
from other (often legacy) Unix or old MS Windows systems. We've got
the message in the terminal, but how do you think we could better
introduce existing-intermediate users to using 'sudo' under Ubuntu?
-Paul
[*] With a shared secret fingerprints, everyone would have to pass
around the boss' severed thumb to authenicate!
More information about the Nottingham
mailing list