On 2/12/19 3:15 PM, Michal Kubecek wrote:
...which is why people end up doing crazy things like "sudo su -". And, voilà, they have a root shell anyway, except all they needed was the regular user's password. That's supposed to be the security improvement, having to write "sudo su -" rather than just "su -"?
"sudo -s" is the easier way.
This is an example of a pragmatic improvement.
That's no improvement.
I proceeded to list 3 ways it was an improvement. Rather than address them, you've made fun of them. This means that you are actually _acting out_ the "not invented here" syndrome I was specifically addressing, you know that?
Use the same password for your regular user and root account then. You will also have "only one password to remember" and about the same level of "security" as in Ubuntu.
Points missed:
* 2 passwords to keep in sync
* keeps an active root account available to be 0wned
* causes user confusion over which password is needed/works where

Greater point missed: do you seriously think that the huge team of skilled engineers at the biggest computer company in history missed these points when they implemented this idea? Do you think you're smarter than everyone at Apple? Or did you forget that this was not an Ubuntu innovation, it was an Apple one, which Ubuntu copied? Perhaps you were distracted by the chance to take some cheap shots at a rival distro. Suggestion: don't do that.
How exactly? By forcing you to type those 5 extra characters?
If there's no root account available, you can't log in as it. This is not a hard point to understand. Up to Vista, in the Win NT family, on standalone machines, it was normal practice to log in as the administrator and use the machine that way. This was a terrible idea, but it was needed for a lot of software from the Win9x world to work, so that's what hundreds of millions of people were used to.
Except that there is regular user password which is sufficient to do anything so that the attacker does not need the root password and can "find out, social engineer, whatever" that one.
There is anyway. No real loss. But whereas a hacker knows the name of the root account because it's the same on almost all Unix machines, they don't know the username of the current owner/user. Again, this is simple, obvious stuff. I don't know why you are trying to make fun of these simple points, but if it is so that you look clever doing so, I warn you that it's not working.
Ever heard "For each complicated problem, there is an elegant, simple and easy to understand solution which has only one tiny weakness: it does not actually solve the problem."?
A more general lesson:

[1] "Those who cannot remember the past are condemned to repeat it." -- George Santayana
[2] "Those who do not understand UNIX are condemned to reinvent it, poorly." -- Henry Spencer

--
Liam Proven - Technical Writer, SUSE Linux s.r.o.
Corso II, Křižíkova 148/34, 186-00 Praha 8 - Karlín, Czechia
Email: lproven@suse.com - Office telephone: +420 284 241 084
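An added example, not part of the thread above: the "no root account available to log in as" state the two posters argue over is visible in the second field of the root entry in /etc/shadow, and the script below reports it from a shadow-format file passed as its argument. The sample entries and the fake hash strings are constructed for the demonstration.

```shell
#!/bin/sh
# Report whether the root account can still be used for password login.
# In shadow(5), field 2 holds the password hash; a value starting with
# '!' or '*' means the account is locked for password authentication.
# Prints one of: locked | enabled | empty | absent, and returns 0 only
# when root is locked (the "no active root account" configuration).
root_status() {
    shadow_file="$1"
    line=$(grep '^root:' "$shadow_file" | head -n 1 || true)
    if [ -z "$line" ]; then
        echo "absent"     # no root entry at all
        return 2
    fi
    hash=$(printf '%s' "$line" | cut -d: -f2)
    case "$hash" in
        '!'*|'*'*) echo "locked";  return 0 ;;  # password login disabled
        '')        echo "empty";   return 1 ;;  # no password: worst case
        *)         echo "enabled"; return 1 ;;  # root can log in directly
    esac
}

# Constructed sample files; the hashes are placeholders, not real ones.
SAMPLE_LOCKED=$(mktemp)
printf 'root:!:17000:0:99999:7:::\nalice:$6$SALT$FAKEHASH:17000:0:99999:7:::\n' > "$SAMPLE_LOCKED"
SAMPLE_ENABLED=$(mktemp)
printf 'root:$6$SALT$FAKEHASH:17000:0:99999:7:::\n' > "$SAMPLE_ENABLED"

root_status "$SAMPLE_LOCKED"  || true   # locked
root_status "$SAMPLE_ENABLED" || true   # enabled
rm -f "$SAMPLE_LOCKED" "$SAMPLE_ENABLED"
```

On a live system run it as root with `/etc/shadow` as the argument, since the file is not world-readable.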