[sclug] Ubuntu passwords

[John Stumbles]

John Stumbles wrote:
> Neil Haughton wrote:

>> For what you want to do (which sounds like a multi-user set up), do 
>> you really think this is the right distro to use? I get the impression 
>> that is intended to be used as a single-user personal OS,  which is 
>> why root has the same password as the first user. If that's the case 
>> and I have not completely misunderstood, Debian 3.1 might be a better 
>> choice, especially as Ubuntu is built on that so you'll get the more 
>> trad Unix approach to multiple users and security, with basically the 
>> same distro as underneath Ubuntu.
> 
> 
> I'm happy with the setup that the first user is a sudoer/root-equivalent 
> (since I'm the first user!). I want to be able to curb the privileges of 
> other users. Is Debian radically different to [k]ubuntu in its security 
> model then, or is it just that it has a normal root login?

Actually I think the argument for the ubuntu model is that it can be 
more secure than a system where one can log in as root, partly because 
there's no need for a shared root password[1] and partly because 
sudo-ing leaves a log of who is doing it which a root login at a console 
doesn't. I suppose one weakness however is that if a sudoer has a weak 
password then the whole system is compromised, rather than just their 
own account.

[1] some of the shared passwords used at a large organisation I used to 
work at were still being used 2-3 years after I left!

-- 
John Stumbles