Re: About root or administrative account


First, many thanks to all who answered this inquiry: Kristian, Tony,
Eamonn, Wee-Yee Chan,Jarrod, Ramkumar, Derek, and Matthew, with useful
commentary. I appreciate the several opinions. Hope I didn't miss anyone.

I do not yet understand why the Ubuntu way, sudo, with the USER's
PASSWORD, is not less safe than having a different root password. I
think the ordinary user who does an administrative task should have to
use the root password. Someone pointed out that sudo gives logging,
which will give some tracking, useful after the fact, but is in fact,
not safer.

The logging that you get with sudu helps, and that with a single user,
there isn't a lot of difference in security between having a root log-in
and separate password and having a disabled root loging and using sudo
with the user password as Ubuntu does.

The way Wee-Yee Chan describes that setup is the way they were under
early (beginning in mid 1980s with System V.2, 3 and 4) AT&T Unix
systems. The root account was set so that is was not remotely
accessible, it had a different password than user accounts, and though I
think sudu was available for administrative tasks, I am not sure I knew
about it. I do know I never used it.

For a single task, I wrote

su -c "the task"

upon giving the root password, "the task" was executed in as root. I do
not know whether this was logged.

Further comment appreciated.

To Wee-Yee Chan: Is Wee-Yee your given name and Chan your family name?
Or the other way 'round?

Warmest Regards
David Teague


Wei-Yee Chan wrote:
Derek Broughton wrote:

otoh, I administer a CentOS (based on RedHat) system, which may or may not
have root enabled - I've never checked because I just use sudo.


Come on, U know it doesn't matter. I've got root enabled on all of my
Ubuntu machines. The password is different from the one that I use for
my personal account, of cos. My personal account has no administrative
privileges so whenever I need to attend to an administrative task, I'll
just start up a terminal window and hit "su", or alternatively login as
root.

I've got remote login disabled, all my computers are behind my router,
and I'm the only person capable of doing any real damage to my
computers. What could possibly go wrong? :-)

Regards,

Wei-Yee Chan
http://chanweiyee.blogspot.com





--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Relevant Pages

  • Re: Ubuntu dapper drake question (running ubuntu-6.06-desktop)
    ... doing administrative task as root user, but to use sudo in a user ... On the liveCD no user password is required for using sudo, ... I have no way to create/add root password on user's terminal. ... provided that the interface is ...
    (Ubuntu)
  • Re: Root user permission
    ... To accomplish any administrative task such as ... apt-get update, you have to issue ... the root ...
    (Ubuntu)
  • Re: Root user permission
    ... part of the sudo group. ... To accomplish any administrative task such as ... apt-get update, you have to issue ... root owns all of the files and directories and the group is also root. ...
    (Ubuntu)
  • Re: Logins
    ... >more dangerous to log in to a gui interface as root as opposed to ... Users logging as root in a GUI tend ... merely to run a particular administrative task In fact these users ...
    (Fedora)