Creation of User profiles at install
Gavin McCullagh
gmccullagh at gmail.com
Mon Oct 30 11:23:55 UTC 2006
Hi,
On Mon, 30 Oct 2006, frank claessen wrote:
> the way user profiles are being created at install strikes me as odd - in
> any way it differs from the way other distro;s do it. Normally you have
> to enter a password for the root account and then you can add a normal
> user.
Ubuntu (and by inheritance Edubuntu) do not set a password on the root
account at all. This is also done on apple os x. The idea is that there
isn't a root password which gets passed around to lots of people. Instead,
certain users are given sudo access so they can briefly become root in
order to do admin tasks.
Every sudo access is logged with the command and username who did it and
only certain users can use sudo.
Every sudo user is root when they use sudo (just like if they had the root
password and ran su) so inevitably, they can set the root password.
However the point is that you're not supposed to use a root password at
all.
> Edubuntu asks for one user only and that is an administrative user. For
> security reasons I don;t think this is a good idea. Later on you can
> change the password for the root account while being logged an as the
> user that was created during installation ?!?!!!! Unbelievable!!
The security is arguably better with sudo. With sudo you can configure
what a specific sudo user can do, ie they can be allowed only to run
certain commands, etc. and you can disable a given user's sudo trivially
without changing a root password and telling all the other admins. Also,
other bad habits such as logging in fully as root are prevented.
More info is here:
https://help.ubuntu.com/community/RootSudo
Gavin
More information about the edubuntu-devel
mailing list