Hi Gustin :) security indeed is an solid argument. When I fetch mails, I always get more spam than wanted mails and this might be, because of the thousands of unprotected Windows desktop computers. I'm a Suse user for years and a long time ago, there was a full discussion about AppArmor (http://en.wikipedia.org/wiki/Apparmor). Suse comes with AppAmor and a firewall by default. IMHO the desire for security can become neurotic. If I leave home I'm unarmed, even if I know that it's possible to get attacked. In the time when I don't had a Windows install, I anyhow scanned my Linux by AntiVir, to be sure that I don't forward infected mails to Windows users, but I didn't use the AntiVir guard for my Linux.
On the computer sometimes I need to be protected against myself. Sometime ago I tidied up temporary files and caches. I was half asleep and unintentional I deleted /cache in /var. No security system can ban such stupid doings. I did know about the files and folders I deleted, it wasn't because of ignorance. It's human nature to be an unconcentrated idiot sometimes. I don't think I will do the same stupid thing again ;). Such auto-education has the effect of learning. Specific default settings to prevent against something nobody really can be prevented against don't has any learning effect. Just my opinion. Gustin Johnson wrote: > Ralf Mardorf wrote: > > Gustin Johnson wrote: > >> I do not wish to assist people into reducing their security further. > > What's less secure if I have a user without superuser permissions and a > > superuser account that I only will use if there is the need to. It's > > more safe than the way it's for Ubuntu. > > >> If someone can make such an educated decision, they certainly do not > >> need my help. > > That reminds me to a discussion. I once would someone tell how to get > > access to his Linux, while he has forgotten his passwords, but I wasn't > > allowed to do this in an open forum, with a similar argument to yours, > > plus the argument he might illegal hack a Linux of someone else. But > > back to the topic. Why it's less secure the way "normal" Linux like > > It could be argued that Ubuntu is "normal" since it is currently the > most popular distro. You are right, but I guess you are able to understand what I wanted to say between the lines ;). Linux, resp. UNIX started as a secure system for servers and a strict separation between administrator and user. having a user and a superuser IMHO is more safe than to have a user with some permissions of a superuser. I don't understand why a younger distro needs to change this and what's better with this. > > Debian, Suse and a lot of others do it, resp. what's more save if a user > > only needs to type sudo? I don't want to have other people on my > > computer being able to do things that only a superuser should be allowed > > to do. > > sudo can be restricted to only run certain apps by certain users or > groups. Su is an all or nothing proposition, you either have complete > access or you don't. Sudo is a very powerful application that is allows > one to fine tune who exactly has access to what. Sudo also provides an > audit trail, which is probably not of interest to many on this list, but > is useful. I cannot possibly do it justice here, but you can find more > information on sudo here: > http://www.gratisoft.us/sudo/ > > By the way, only the first user created by the Ubuntu installer has > access to sudo. Okay, this has some advantages, but than it would be good to have at least a second user account. > > Your argument is paradox to the situation it's for Ubuntu. Ubuntu is > > less secure, because ther's no superuser account. > > The superuser account exists, you are just not allowed to login to it > *by default*. Your conclusion is wrong because your argument is based > on an incorrect understanding of the mechanisms involved. If you are > genuinely curious then I would suggest you start by learning about PAM, > sudo, and visudo (what you use to configure sudo). > > Of course you are free to do whatever you want to your system. Cheers, Ralf
signature.asc
Description: OpenPGP digital signature
_______________________________________________ 64studio-users mailing list [email protected] http://lists.64studio.com/mailman/listinfo/64studio-users
