[GRLUG] Distro's - was GRLUG test comment
adderd at kkmfg.com
Thu May 4 17:44:43 EDT 2006
But the problem is that, in Ubuntu, the first user setup can do ANYTHING
they want w/ sudo by just giving their own password. Sure, you have to
enter your password but it still doesn't really do it's job of
preventing a normal user from doing something dumb. Sure, it will ask
for their password if they type rm -rf but it will not warn them why
that's a really bad idea. Basically, that user IS root but with an extra
password prompt before you do anything.
If a knowledgeable person is running Ubuntu then it's setup is probably
fine. They'll be able to run their root commands without needing to be
root and with the extra security of a password prompt. However, I'd
doubt that it's sufficient protection against destruction in the hands
of a novice.
I'd agree that sudo is better 'when properly configured.' I'm not sure
Ubuntu fits that classification.
Tim Schmidt wrote:
> >From the wikipedia article on su
> A related command called sudo executes a command as another user but
> observes a set of constraints about which users can execute which
> commands as which other users (generally in a configuration file named
> /etc/sudoers). Unlike su, sudo authenticates users against their own
> password rather than that of the target user (to allow the delegation
> of specific commands to specific users on specific hosts without
> sharing passwords among them and while mitigating the risk of any
> unattended terminals).
> Great care must be taken by a system administrator to choose a
> suitable password for the root account, to prevent any possible
> takeover by a low level user running su. Some Unix-like systems have a
> wheel group of users, and only allow these users to su to root. This
> may or may not mitigate these security concerns, since an intruder
> might first simply break into one of those accounts. GNU su, however,
> does not support a wheel group; this was done for philosophical
> reasons. 
> Enough said.
> grlug mailing list
> grlug at grlug.org
More information about the grlug