On 4/27/07, ronys <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Regarding root, IIRC, 'sudo' is configured to allow the user to get
> root access, e.g., 'sudo bash' should give you a root shell.
>
> This is the approach taken by Ubuntu as well - root itself is
> disabled, all root work done via sudo.
>
> The idea behind this is better security. I'm not convinced that this
> is the case, but that's the intent.


Security?

I think it's a combination of convenience for the user and a very weak
form of obscurity.

For the root user I would choose a better, longer, more random
combination of characters than I would set for my own daily used
account. The attacker would surely have an easier time breaking into my
account than the root account for several reasons: ssh noroot,
password, automatic blocking of failed attempts and more.

There are several situations where you might provide your password to
a fellow friend, this does not mean you like to give him complete
control over your box.

For general system administration. You are playing with your
environment, you might have some binary which you placed in ~/bin/
there is a chance of you using sudo and by mistake running
something from this bin path, take for example "sudo mkdir newdir",
mkdir is a bash wrapper script that checks if the dir exists and if it
does it first rm it (a stupid script, but for the sake of example it
will do) the only issue is your wrapper script has a bug causing it to
rm /home or even better /. If you'd use "su -" such stuff would never
happen.

I can think of several more reasons where the "normal" user should not
be granted "by default" root access, think of ssh private-key logins
done from your laptop to your server machine done by a 3rd person.
Generally speaking I think that this is an Ubuntu bug that is "OK" for
the desktop version but should be avoided for anything else.

Maxim.



--
Cheers,
Maxim Veksler

"Free as in Freedom" - Do u GNU ?
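
The ~/bin wrapper scenario in the message above turns on which directory a command name resolves from. As an added example (not part of the original message), this POSIX shell function lists executables in a user-owned directory that share a name with a command on a system search path; the function name and the directories passed to it are assumptions.

```shell
#!/bin/sh
# Added example: find commands in a user directory (e.g. ~/bin) that shadow
# same-named commands on a system search path, such as a ~/bin/mkdir wrapper.

# shadowed_commands USER_DIR SEARCH_PATH   (hypothetical helper name)
# Prints one line per collision: name<TAB>user file<TAB>system file.
# Runs in a subshell so the IFS and noglob changes do not leak to the caller.
shadowed_commands() (
    user_dir=$1
    search_path=$2
    for candidate in "$user_dir"/*; do
        # Skip anything that is not an executable regular file; this also
        # covers a missing or empty directory, where the glob stays literal.
        [ -f "$candidate" ] && [ -x "$candidate" ] || continue
        name=${candidate##*/}
        set -f      # do not glob-expand path components
        IFS=:       # split the search path on colons
        for sys_dir in $search_path; do
            # An empty PATH component means the current directory.
            [ -n "$sys_dir" ] || sys_dir=.
            # Do not compare the user directory with itself.
            [ "$sys_dir" = "$user_dir" ] && continue
            if [ -f "$sys_dir/$name" ] && [ -x "$sys_dir/$name" ]; then
                printf '%s\t%s\t%s\n' "$name" "$candidate" "$sys_dir/$name"
                break
            fi
        done
    done
)

# Audit the invoking user's ~/bin against the current PATH.
shadowed_commands "${HOME:-/nonexistent}/bin" "${PATH:-/usr/bin:/bin}"
```

Whether sudo searches the caller's PATH at all depends on the sudoers configuration (the `secure_path` option replaces it), so pass the path that applies on the system being audited as the second argument.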
