Creation of User profiles at install

Scott Balneaves sbalneav at legalaid.mb.ca
Mon Oct 30 14:49:25 UTC 2006


On Mon, Oct 30, 2006 at 06:58:03AM -0400, frank claessen wrote:

> Edubuntu asks for one user only and that is an administrative user. For
> security reasons I don't think this is a good idea.

Why not?  How is this inherently less secure than a root account?

By creating an initial privileged user, that executes commands via the
sudo command, you have better, fine-grained control.  For starters,
anything issued via the sudo command is logged.  Not so for a root
login.  As well, it more directly ties admin privs to a real userid, as
opposed to the nebulous "root" account.  In addition to this, every
external hacker knows that any unix-like box has a "root" account, and
so, it's frequently the subject of brute-force password attacks.
Leaving this account disabled by default eliminates this worry.

There's an entire wiki page documenting all these reasons, at the Ubuntu
site.  You might want to check it out.

> Later on you can
> change the password for the root account while being logged in as the
> user that was created during installation ?!?!!!!

Sure, it's still Linux, and there's nothing to stop a knowledgeable admin
who's used to the old idea of an enabled root account from simply adding
the password.  The idea here is to *ship the OS in a default secure
state*.  There's nothing stopping me from creating users with empty
passwords either.  Or enabling writable anonymous FTP sites.  Or
installing the old rsh style commands.  Nothing *STOPS* you from making
your system *LESS* secure.  That's the admin's choice.

> Unbelievable!!

How so?

> Would like to know what others think about this. I would prefer the way
> of the other distros

The key phrase in your email is "..other distros...".  Other distros do
it the traditional way.  Ubuntu is doing something new, which has been
proven to be no *less* secure than the old way, and certainly, one
command post install (sudo passwd root) gets you "the old way" that you
seem to like.  Seems like an easy solution to me.

Scott

-- 
Scott L. Balneaves | "Looking beyond the embers of bridges glowing behind us
Systems Department |  To a glimpse of how green it was on the other side..."
Legal Aid Manitoba |    -- Pink Floyd "High Hopes"
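
Added example, not part of the original post or of Ubuntu's own tooling: a small Python sketch of the two points the reply makes, that sudo records each command against a real userid and that root ships with no usable password. The log lines and shadow entries are constructed samples in sudo's usual syslog format and the /etc/shadow field layout; the host, user names and function names are assumptions.

```python
import re

# Constructed sample data (not from the original post): auth.log lines in
# sudo's syslog format, plus two /etc/shadow-style entries.
SAMPLE_AUTH_LOG = """\
Oct 30 14:41:02 edu1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Oct 30 14:42:10 edu1 sshd[4121]: Failed password for root from 192.0.2.7 port 40112 ssh2
Oct 30 14:43:55 edu1 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
Oct 30 14:44:30 edu1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/passwd root
"""
SAMPLE_SHADOW = "root:!:13450:0:99999:7:::\nalice:$1$constructed$hashvalue:13450:0:99999:7:::\n"

SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<fields>.*)$"
)
DENIED_MARKERS = ("NOT in sudoers", "incorrect password", "command not allowed")

def parse_sudo_events(log_text):
    """Return one dict per sudo record: who ran what, as whom, and whether it was refused."""
    events = []
    for line in log_text.splitlines():
        m = SUDO_RE.match(line)
        if not m:
            continue  # not a sudo record (e.g. the sshd line)
        # COMMAND= is always the last field and may contain " ; " itself, so split it off first.
        head, _, command = m.group("fields").partition("COMMAND=")
        kv = dict(p.split("=", 1) for p in head.split(" ; ") if "=" in p)
        events.append({
            "time": m.group("ts"), "user": m.group("user"),
            "run_as": kv.get("USER"), "command": command,
            "denied": any(marker in head for marker in DENIED_MARKERS),
        })
    return events

def root_password_locked(shadow_text):
    """True if root's password field starts with '!' or '*', so no password can match it."""
    for entry in shadow_text.splitlines():
        name, _, rest = entry.partition(":")
        if name == "root":
            return rest.split(":", 1)[0].startswith(("!", "*"))
    raise ValueError("no root entry found")

if __name__ == "__main__":
    for e in parse_sudo_events(SAMPLE_AUTH_LOG):
        status = "DENIED" if e["denied"] else "ok"
        print(f'{e["time"]} {e["user"]} -> {e["run_as"]}: {e["command"]} [{status}]')
    print("root password locked:", root_password_locked(SAMPLE_SHADOW))
```
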



