--- In [email protected], Linux Canuck <[EMAIL PROTECTED]>
wrote:
>
> I have taken exception before and will try to stop the spread of
false information once again. At the very least you are spreading
misinformation based on your own prejudice whether inadvertent or
intentional. It does not matter. It is wrong.
>
> Sudo is different from having a root user and a normal user, but it
is no less secure. It prevents many problems and solves
administrator's diverse needs without compromising security needs.
There are advantages and disadvantages to each. To compare it to
Windows is absurd. Windows is unsecure for many reasons, none of which
has anything to do with sudo or having a separate root user. You can
have a separate administrator with a password in Windows and the
security still sucks.
>
> There are many abuses and problems that an unwitting ordinary user
can inflict upon his system by logging on as root, such as totally
destroying it and allowing anyone into the system. Why? Because once
you are logged on as root, you are not asked for any more passwords.
Anyone can then access your system whether at the keyboard or through
the back door and you are skewered. With sudo anyone who wants to do
harm will be prompted for a password to make any changes to your
computer. I am not saying sudo is better, just that it avoids
potential problems.
>
> Granted not everyone is moronic enough to log on as root, but some
may be. The temptation is strong, especially for someone coming from a
Windows background who does not perhaps understand the need for
passwords or is perhaps put off by the asking of them in the first place.
>
> To make the case that there is something wrong with sudo, you will
have to produce hard evidence. In the mean time please desist from
spreading false information. This gives the false impression that
Ubuntu is less secure which is peculiar because in a contest it has
finished first three years in a row beating OS/X and Vista, with its
security not yet being defeated by hacking elite over a three day
period. That should convince you that sudo is secure and leave it at that.
>
> Roy
>
>
> Linux: Fast, friendly, flexible and .... free!
> Support Open source.
> <*,)}}+<
> Only dead fish go with the flow!
>
>
>
>
> ----- Original Message ----
> From: Gary <[EMAIL PROTECTED]>
> To: [email protected]
> Sent: Tuesday, September 2, 2008 10:21:13 PM
> Subject: [LINUX_Newbies] Re: Hello all : )
>
>
> I don't like Ubuntu's "root-user-less" security setup. It
> perpetuates bad Windows practice of user=admin, no matter how they try
> to spin their methodology as being A Good Thing. Also, I've had a
> situation where logging in as root was the ONLY way I could get the
> GUI (KDE) running, because .kde config files in my /home were
> seriously screwed, the whole /home partition was screwed, and /root
> (i.e. root-user's private home directory) is placed with other system
> directories in system root (and therefore in the system's disk
> partition) instead of within the /home hierarchy. /root provided me
> with a virgin default set of .kde configs to revert to.
Roy, you are projecting other people's arguments onto me. And face
it, even with sudo passwording everything, the (average single-user
PC) USER == ADMIN, and won't necessarily think twice about typing in
THEIR OWN password to execute a dangerous command. Wheras thinking
about a different password might. SUDO doesn't necessarily make
people think more or less than direct root login, PEOPLE make people
think more or less. And any fool who walks away from a machine logged
in as root deserves what they get. That's whay it's called a
"learning experience."
Yes, Windows has security flaws that have nothing to do with
separation of admin power from user, but there is also a mindset that
goes along with it. That's what I am trying to eliminate.
ALSO, after you got up on your high horse, you completely ignored the
fact that my primary objections to no-direct-root-login have ALMOST
NOTHING to do with relative security levels, but system error recovery
and other aesthetics. I also don't like having to enter the same
damn password five times to execute five simple commands in sequence.
For me personally, logging in direct as root is a tangible mental cue
to be VERY CAREFUL, and I make sure to give myself visual cues as well
(coloring the panel(s) and titlebars bright red, etc.) I'll grant
that other people may find other methods that work better.
THERE IS NO ONE TRUE WAY. NEITHER MINE NOR YOURS. I WILL NOT BE CALLED
A GODDAMN LIAR ON THIS OR ANY FORUM FOR STATING MY HONEST OPINION!
If you want to score points for your side, Roy, you're going to have
to do better than simply denouncing the other side.
------------------------------------
To unsubscribe from this list, please email [EMAIL PROTECTED] & you will be
removed.Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/LINUX_Newbies/
<*> Your email settings:
Individual Email | Traditional
<*> To change settings online go to:
http://groups.yahoo.com/group/LINUX_Newbies/join
(Yahoo! ID required)
<*> To change settings via email:
mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
