[sclug] Ubuntu passwords
Spiros Kapetanakis
spizkapa at gmail.com
Tue Aug 9 07:04:18 UTC 2005
To the best of my knowledge, there is only one real difference between
a system that has a proper root user and one that doesn't excpet for
sudo. A proper root user has his initialisation files in /home/root or
wherever. This is not the case with a sudo user who's files are by
default the same as the normal user and kept in the same place. So, if
you're starting a service of some sort (I have to start an
authentication service for work, for example), you may need to su and
not sudo to get it going, if your sysadmin doesn't know anything about
sudo, kinda like mine...
Spiros
P.S. Apologies if I've sent this twice, there was a glitch in the matrix...
On 09/08/05, John Stumbles <john at stumbles.org.uk> wrote:
> John Stumbles wrote:
> > Neil Haughton wrote:
>
> >> For what you want to do (which sounds like a multi-user set up), do
> >> you really think this is the right distro to use? I get the impression
> >> that is intended to be used as a single-user personal OS, which is
> >> why root has the same password as the first user. If that's the case
> >> and I have not completely misunderstood, Debian 3.1 might be a better
> >> choice, especially as Ubuntu is built on that so you'll get the more
> >> trad Unix approach to multiple users and security, with basically the
> >> same distro as underneath Ubuntu.
> >
> >
> > I'm happy with the setup that the first user is a sudoer/root-equivalent
> > (since I'm the first user!). I want to be able to curb the privileges of
> > other users. Is Debian radically different to [k]ubuntu in its security
> > model then, or is it just that it has a normal root login?
>
> Actually I think the argument for the ubuntu model is that it can be
> more secure than a system where one can log in as root, partly because
> there's no need for a shared root password[1] and partly because
> sudo-ing leaves a log of who is doing it which a root login at a console
> doesn't. I suppose one weakness however is that if a sudoer has a weak
> password then the whole system is compromised, rather than just their
> own account.
>
> [1] some of the shared passwords used at a large organisation I used to
> work at were still being used 2-3 years after I left!
>
> --
> John Stumbles
> _______________________________________________
> sclug mailing list
> sclug at sclug.org.uk
> http://www.sclug.org.uk/mailman/listinfo/sclug
>
More information about the Sclug
mailing list