[GRLUG] Distro's - was GRLUG test comment

[Tim Schmidt]

On 5/4/06, Collin <adderd at kkmfg.com> wrote:
> But the problem is that, in Ubuntu, the first user setup can do ANYTHING
> they want w/ sudo by just giving their own password. Sure, you have to
> enter your password but it still doesn't really do it's job of
> preventing a normal user from doing something dumb. Sure, it will ask
> for their password if they type rm -rf but it will not warn them why
> that's a really bad idea. Basically, that user IS root but with an extra
> password prompt before you do anything.

Since presumably, someone who is installing an operating system - thus
wiping out everything previously on that system - is a knowledgable
person, why should they not get sudo rights?  Especially considering
that same person would be the one setting the root password anyway.

As for typing rm -rf, Ubuntu will not prompt for a password in that
situation.  You're stuck with your regular user permissions.  If a
system can be invented to protect a user's data from the user himself
I think someone would be a millionare.

> If a knowledgeable person is running Ubuntu then it's setup is probably
> fine. They'll be able to run their root commands without needing to be
> root and with the extra security of a password prompt. However, I'd
> doubt that it's sufficient protection against destruction in the hands
> of a novice.

You're still not quite getting it...  when you run a command through
sudo, you _are_ root as far as that command understands.  And sudo
performs sufficient security checks for that to be OK.

As far as destruction in the hands of a novice goes, see the previous
comment about a user and his data.

> I'd agree that sudo is better 'when properly configured.' I'm not sure
> Ubuntu fits that classification.

Ah.  The first bit of usefull dialog in this thread.  I would love to
talk about configuring sudo in various ways for various systems and
use-cases.  Should we start a new one?

--tim