[GRLUG] Distro's - was GRLUG test comment
Ron Lauzon
rlauzon at gmail.com
Thu May 4 19:26:42 EDT 2006
Tim Schmidt wrote:
> Agree. 100%. On a system with a root password, any user may use 'su'
> in an attempt to brute-force the root account. That's bad. Ubuntu
> ships with a completely disabled root account. No amount of
> brute-forcing with get you root access.
>
Not true, since you can brute force the first user's password too.
> Further, if multiple users need to escalate their privilages for any
> reason, it's common practice (on desktops at least) to hand out the
> root password, because it's easy.
Yup. Security is never easy. But that's beside the point because this
is a security procedure issue, not an Ubuntu issue.
> That said, you can simply add your mother to the sudoers file with
> rights to run synaptic and nothing else.
>
In which case, you have a "privileged" user account and a "regular" user
account and no root user account.
So what's the difference between that and having a regular user account
and root?
--
Ron Lauzon - rlauzon at acm dot org
Homepage: http://7lauzon.home.comcast.net/
Weblog: http://ronsapartment.blogspot.com/
DNRC: Lord of All Things That Are Fattening
"To be sure, conservative radio talk show hosts have a built-in
audience unavailable to liberals: People driving cars to some
sort of job." - Ann Coulter
Microsoft Free since July 06, 2001
Running Mandriva Linux 2005LE
More information about the grlug
mailing list