Mailinglist Archive: opensuse-factory (464 mails)
| < Previous | Next > |
Re: [opensuse-factory] Experience of switching to Factory from Ubuntu
- From: Sid Boyce <sboyce@xxxxxxxxxxxxxxxx>
- Date: Fri, 29 Feb 2008 21:20:24 +0000
- Message-id: <47C87718.9000404@xxxxxxxxxxxxxxxx>
Rodrigo Moya wrote:
Funny, many newbies of Ubuntu I've come across have many times tripped up on the sudo thing.
I haven't got the Ubuntu laptop to hand, so this is from memory.
Ubuntu
=======
# sudo <command>
Password: xxxxxx
#
# sudo su
Password: xxxxxx
openSUSE
========
# su <command>
Password: xxxxxx
#
# sudo su
root's Password: xxxxxx
#
# sudo <command>
root's Password: xxxxxx
The only slight difference is that there is only one password for everything in Ubuntu and an extra one for openSUSE, but I don't see that's a big deal as it's one amongst many that people, especially in a corporate setting need to remember. In some shops, passwords change every 28 to 30 days and you can't reuse any ones younger than on year.
If you insist on using the same password everywhere, if you suffer from confusion or your memory isn't all it should be and the password gets cracked at one place, you are likely to suffer bad karma.
On one occasion I let ssh port through the firewall to one of my boxes so that I could access some files I may have needed to copy across to my relative's box. I forgot about it for some days and sure enough, I could see lots of break-in attempts from the outside.
Amazingly this sort of thinking never came up in the long history of Unix or Linux, until Ubuntu deemed their users to be pretty dumb. In Fedora, selinux forces you to think often of the root password even when you are logged in as root - that's another level of lockdown, presumably apparmor does the same depending on what you configure.
I wonder -- in a Ubuntu server shop where there are a number of sysadmins who need root access, if the chief sysadmin has to give his personal pasword to the others or may be he sets up a dummy account that all sys admins use.
Regards
Sid.
--
Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot
Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach
Microsoft Windows Free Zone - Linux used for all Computing Tasks
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
On Wed, 2008-02-27 at 21:37 +0100, Vincent Untz wrote:
yes, they are mineVincent, the author of the page, asked me to clarify that what he wroteNote that I only wrote the bottom part of the page, everything else is
are his opinions. Of course it's the same for what I write. :-)
relating Rodrigo's experience, I believe.
yes, the way sudo is used in ubuntu makes it very easy for users toI disagree with the fact that people should have to learn about root. Itsudo should be used by default for a desktop install. It doesn't makeThanks for pointing this out. I was myself a sudo supporter, but someone
any sense to have the root account. There's an option "Use the same
password for root as the one used for the user" in the installer, but
it's not about sudo, I believe.
with more technical experience than me explained to me that sudo is not
the right way to follow for various security/conceptual reasons, and I
agree. In the end, UNIX has root, and the users should learn to manage
it. It doesn't add complexity if properly explained.
makes things more complex for an average desktop user. I know sudo is
not perfect (and PolicyKit will help solve the whole issue in a good
way), but it's good enough in the very short term for desktop users.
Anyway, that's a minor point and it's not the most important one.
manage the system without having to know "who that root user is". Of
course, if Policy Kit fixes it better, we should use it, as long as it
makes it easy for desktop users to manage their systems, which is what
ununtu does with sudo
Funny, many newbies of Ubuntu I've come across have many times tripped up on the sudo thing.
I haven't got the Ubuntu laptop to hand, so this is from memory.
Ubuntu
=======
# sudo <command>
Password: xxxxxx
#
# sudo su
Password: xxxxxx
openSUSE
========
# su <command>
Password: xxxxxx
#
# sudo su
root's Password: xxxxxx
#
# sudo <command>
root's Password: xxxxxx
The only slight difference is that there is only one password for everything in Ubuntu and an extra one for openSUSE, but I don't see that's a big deal as it's one amongst many that people, especially in a corporate setting need to remember. In some shops, passwords change every 28 to 30 days and you can't reuse any ones younger than on year.
If you insist on using the same password everywhere, if you suffer from confusion or your memory isn't all it should be and the password gets cracked at one place, you are likely to suffer bad karma.
On one occasion I let ssh port through the firewall to one of my boxes so that I could access some files I may have needed to copy across to my relative's box. I forgot about it for some days and sure enough, I could see lots of break-in attempts from the outside.
Amazingly this sort of thinking never came up in the long history of Unix or Linux, until Ubuntu deemed their users to be pretty dumb. In Fedora, selinux forces you to think often of the root password even when you are logged in as root - that's another level of lockdown, presumably apparmor does the same depending on what you configure.
I wonder -- in a Ubuntu server shop where there are a number of sysadmins who need root access, if the chief sysadmin has to give his personal pasword to the others or may be he sets up a dummy account that all sys admins use.
Regards
Sid.
--
Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot
Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach
Microsoft Windows Free Zone - Linux used for all Computing Tasks
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
| < Previous | Next > |