[GRLUG] Distro's - was GRLUG test comment

Tim Schmidt timschmidt at gmail.com
Thu May 4 18:07:07 EDT 2006 

I'm going to summarize the complaints I've read so far that aren't so
fundamentally braindamaged as to be laughable.  Just for fun.

- regular users shouldn't be able to become root

Agree.  100%.  On a system with a root password, any user may use 'su'
in an attempt to brute-force the root account.  That's bad.  Ubuntu
ships with a completely disabled root account.  No amount of
brute-forcing with get you root access.

Further, if multiple users need to escalate their privilages for any
reason, it's common practice (on desktops at least) to hand out the
root password, because it's easy.  That's bad.  Regular users should
have limited permissions, and if they need more, they should be
granted on a task-by-task basis, not the whole world at a time.  Sudo
encourages this by denying everyone by default and allowing escalated
privilages on a per-application basis.

- Ubuntu automatically gives the first user sudo rights

Yes it does.  Someone's got to have them.  You can't log in as root
(that's good - remember?).  Since the first user created is ostensibly
created for the person doing the install, they should be knowledgable
enough to handle escalated privilages (if they're not, they probably
shouldn't be installing an OS).

- My mom needs sudo rights to install software.  That means she could
rm -rf everything!

No it doesn't.  First of all, are you sure your mom should be
installing software?  She could uninstall GDM and be left with a text
login, or remove glibc and be hosed.  Properly administering a
computer is not something that can be done without education.  In a
perfect world it could (maybe), but it's not a perfect world.  The
fact that Windows allows anyone and everyone to do absolutely anything
they want to the computer (install software, mess with system files,
etc.) is exactly the reason it's so prone to malware, horrid
applications, and frequent problems.  Stability and security come with
a price - you have to learn a few things.  That's just the way it is.

That said, you can simply add your mother to the sudoers file with
rights to run synaptic and nothing else.

--tim

More information about the grlug mailing list