On Mon, 15 Aug 2005 21:38:50 +1000 Jeff Waugh <[EMAIL PROTECTED]> wrote:
> <quote who="Sridhar Dhanapalan"> > > > 1. the installer didn't ask me to define a root password > > Yep, the root account is disabled. > > > 2. once installed, I discovered that the root password was the same > > as the password of the user I had created in the installation > > Nup, there is no root password - it's locked. You must've been using > sudo. > > > 3. the user I had created in the installation was able to change > > system settings that can normally only be changed as root > > Only when you authenticate again via sudo. > > > 4. I could open a root terminal without typing a password > > The only time you can get to a root terminal without typing a > password is when you boot in recovery mode - sulogin drops you > directly to a root prompt (if an attacker has sufficient physical > access to your system to reboot and select the recovery mode boot > choice, then your system is owned already). > > > To fix the last two points I had to manually turn off "Executing > > system administration tasks" in "Users and Groups". > > That actually means you've disabled sudo access for your user, which > you'll have to recover by booting in recovery mode. > > > While I believe that Lindow^H^H^Hspire is a wart on the face of free > > software, I was shocked to see Ubuntu seemingly taking the same > > path. Am I missing something? > > Yep - the difference between running every process as root and secure > access to administrative functionality via sudo. :-) > Also, is it not true that Ubuntu's action with regard super user rights only applies to the first user created during install. All subsequent users created do not display these "sudo" traits and behave as a normally restricted user on any other Linux (apart from Lindows). So, on install create a user called "lord" or such. Then when installed, create all the other "standard" users you require. In SuSE, for example, you type in 'sux' at command prompt, with root password, to become super user - Ubuntu uses the sudo method - it's just a different approach. My view is that Lindows, in its attempt to be so much like Windows to supposedly make it easier for 'crossover', has in fact become so much like it to include its security vulnerability. Why not stay with Windows? What I like about Ubuntu is that it cost me nothing, zip, zilch, not a dime; I can do everything I did under Windows (after a bit of re-education) and I can make it look real nice but nothing at all like Windows. Oh yeah, and Windows viruses and spyware and bugs bugs bugs are no longer an issue. Sorry to become advocate like - to answer the original thread question, Lindows is the one Linux I would never use! Paul. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
