Rodrigo Moya wrote:
On Wed, 2008-02-27 at 21:37 +0100, Vincent Untz wrote:
Vincent, the author of the page, asked me to clarify that what he wrote are his opinions. Of course it's the same for what I write. :-) Note that I only wrote the bottom part of the page, everything else is relating Rodrigo's experience, I believe.
yes, they are mine
sudo should be used by default for a desktop install. It doesn't make any sense to have the root account. There's an option "Use the same password for root as the one used for the user" in the installer, but it's not about sudo, I believe. Thanks for pointing this out. I was myself a sudo supporter, but someone with more technical experience than me explained to me that sudo is not the right way to follow for various security/conceptual reasons, and I agree. In the end, UNIX has root, and the users should learn to manage it. It doesn't add complexity if properly explained. I disagree with the fact that people should have to learn about root. It makes things more complex for an average desktop user. I know sudo is not perfect (and PolicyKit will help solve the whole issue in a good way), but it's good enough in the very short term for desktop users. Anyway, that's a minor point and it's not the most important one.
yes, the way sudo is used in ubuntu makes it very easy for users to manage the system without having to know "who that root user is". Of course, if Policy Kit fixes it better, we should use it, as long as it makes it easy for desktop users to manage their systems, which is what ununtu does with sudo
Funny, many newbies of Ubuntu I've come across have many times tripped up on the sudo thing. I haven't got the Ubuntu laptop to hand, so this is from memory. Ubuntu ======= # sudo <command> Password: xxxxxx # # sudo su Password: xxxxxx openSUSE ======== # su <command> Password: xxxxxx # # sudo su root's Password: xxxxxx # # sudo <command> root's Password: xxxxxx The only slight difference is that there is only one password for everything in Ubuntu and an extra one for openSUSE, but I don't see that's a big deal as it's one amongst many that people, especially in a corporate setting need to remember. In some shops, passwords change every 28 to 30 days and you can't reuse any ones younger than on year. If you insist on using the same password everywhere, if you suffer from confusion or your memory isn't all it should be and the password gets cracked at one place, you are likely to suffer bad karma. On one occasion I let ssh port through the firewall to one of my boxes so that I could access some files I may have needed to copy across to my relative's box. I forgot about it for some days and sure enough, I could see lots of break-in attempts from the outside. Amazingly this sort of thinking never came up in the long history of Unix or Linux, until Ubuntu deemed their users to be pretty dumb. In Fedora, selinux forces you to think often of the root password even when you are logged in as root - that's another level of lockdown, presumably apparmor does the same depending on what you configure. I wonder -- in a Ubuntu server shop where there are a number of sysadmins who need root access, if the chief sysadmin has to give his personal pasword to the others or may be he sets up a dummy account that all sys admins use. Regards Sid. -- Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach Microsoft Windows Free Zone - Linux used for all Computing Tasks --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org