Ubuntu user's report

Alma J Wetzker almaw
Sat Dec 18 12:59:00 PST 2004 

Net Llama! wrote:
> On 12/18/2004 08:22 AM, Myles Green wrote:
> 
>> On Sat, 2004-18-12 at 07:37 -0800, Net Llama! wrote:
>>
>>> On 12/18/2004 12:28 AM, Myles Green wrote:
>>>
>>>> Hi All, sorry for the length. If you're not interested in checking 
>>>> out a
>>>> new distro you might want to forgo this email.
>>>>
>>>> I recently installed Ubuntu on my usual system in place of my usual
>>>> distribution (Slackware) for no reason other than seeing what all the
>>>> hype was about. Having used Debian in the past (potato), and liking it,
>>>> I thought I was prepared for what I was about to encounter. Much to my
>>>> surprise, I found that I wasn't. No hassles, just pop the disc into the
>>>> drive, reboot, answer a (very) few questions, sit back and watch it
>>>> install the basic system. After that was done, pop the disc out of the
>>>> drive, reboot, answer a few more questions and, if you answered 
>>>> 'yes' to
>>>> downloading software, off it goes and installs updated software 
>>>> (most of
>>>> it security related). If you popped that disc back in after the reboot
>>>> it installs more off the disc along with the downloaded software and in
>>>> about 45 minutes (broadband Internet + high speed cdrom) you're looking
>>>> at GDM ready to login. That is, unless you elected to do a custom
>>>> install and set up a server which, I'm told, there are several folks
>>>> doing and using in production systems.
>>>>
>>>> At no time are you asked to enter a root password, by default the first
>>>> user created is added to the sudoers list. Now, I *did* have my
>>>> reservations about this idea but I do (sort of) understand their
>>>> reasoning. I also know how to type 'sudo passwd root' in order to
>>>> circumvent that idea (I believe that's all that's needed) but I've
>>>> pretty much gotten used to just typing sudo before any commands that
>>>> require root privileges - this is after all not a mission critical
>>>> system.
>>>
>>>
>>> Maybe i'm just missing something, but how is that more secure than 
>>> using root?  If your box gets owned, now they don't even need to get 
>>> root?
>>
>>
>>
>> As a desktop system no servers are installed so there no services
>> offered and minimum risk. A (several actually) firewall(s) is/are
>> available. Like I said, experienced users can enable the root account at
>> will. Nobody says you _have_ to use Ubuntu so, for folks like yourself,
>> "keep going people, nothing to see here".
>>
>> No offence Lonnie, but Red Hat and or Fedora aren't for everyone and
>> neither is Ubuntu or any other distribution. Isn't the freedom to choose
>> a wonderful thing?
>>
>> Happy Holidays,
> 
> 
> I wasn't attacking ubuntu.  I just don't understand why sudo makes the 
> box more secure.
> 
I suspect that this a reaction to Lindows running the main user as root.  With 
root disabled, the main user account will not be root.  I think it is a good 
idea as part of the install, especially for those users migrating from 
Windoze.  On those types of systems, I find that 'sudo bash' will get me 
everything that I need.  (sometimes I need to do an 'xhost' thing.)

Your question is both a curse and a blessing.  It is wonderful that you know 
enough about linux that such a move seems pointless.  Don't lose sight of the 
newbie who has the thing installed, only know Windoze, and wants to know what 
happens next.

     -- Alma

More information about the Linux-users mailing list