Kubuntu experience

Peter Garrett peter.garrett at optusnet.com.au
Mon Apr 18 13:08:13 UTC 2005 

On Mon, 2005-04-18 at 20:07 +0930, Brian Astill wrote:
> On Sun, 17 Apr 2005 01:20, Peter Garrett wrote:
> > On Sun, 2005-04-17 at 00:38 +0930, Brian Astill wrote:
> > >[later] I see aptitude was installed and fortunately that does work
> > >(though capriciously, it demands MY password, not root's).
> 
> > > > > http://www.ubuntulinux.org/wiki/RootSudo
> 
> > the sections headed "Security"
> >                     "Possible issues with the "sudo" model" and
> >                     "Misconceptions"
> >
> > seem particularly pertinent.
> 
> So does "While there are various advantages and disadvantages to this 
> approach, compared with the traditional superuser model, neither is 
> clearly superior overall." from the same wiki.

I agree - that's also pertinent. I'm not an apologist for either
approach.
> 
> > > I want to be able to log in as root and do a number of things at
> > > the same "sitting".  eg setting up a network can be a real nuisance
> > > if  you have to sudo all the time
> 
> > Quite so: that's why you can use -"sudo -s" to get a root shell
> 
> Which completely eliminates the purported advantage of " It avoids the 
> "I can do anything" interactive login by default--you will be prompted 
> for a password before major changes can happen, which should make you 
> think about the consequences of what you are doing. If you were logged 
> in as root, you could just delete some of those "useless folders" and 
> not realize you were in the wrong directory until it's too late."
> 
> > "If you want a real root prompt you can always do "sudo su -."
> 
> see above.
> 
The point here is that you are setting up a straw man. The default/first
user has defacto root powers through sudo: but these can be exercised
either using individual invocations

sudo <command>

or by choosing sudo -s , sudo su, sudo /bin/bash , and so on. In other
words, the knowledgeable operator can use sudo to achieve the ends you
so ardently desire. On the other hand, the completely new user is not
aware of such powerful possibilities, at least until he/she learns to
read man pages, or is directed by a more experienced user. For such a
user, the constant reminders by requiring a password, that the level of
power is changing, are salutary, for obvious reasons. They are also less
likely to fall into the trap of forgetting they are running as root.

In addition, subsequent users created by the first user are not by
default in the sudoers file, and whatever powers they might be given are
at the discretion of the first user who is *you*...

As you are clearly an experienced user, no obstacles lie in your way, so
you can configure the system to your taste. Whether you prefer the
additional reminders that what you are doing is being done "as root" or
not, is up to you.

> > > In any case this is linux, not Redmond_OS.  I should not be denied
> > > full access to my own system.
> 
> > It is Linux; you haven't been denied anything; and you will not be.

As I've tried to elucidate above.
> 
> I'd like to believe you and sincerely hope you are correct.  BUT ...  
> why can't I work in the standard way without sudo intervening? 

Sudo is *you* acting in the capacity of "root" : so you are apparently
upset that you are interfering with yourself?

>  What I 
> can do as "sudo" is controlled by root - in this case the ubuntu 
> designers. 

You have the power to configure your system as you wish: if you prefer
to run as root, you have the power to do so. The Ubuntu designers can't
stop you, any more than they can stop you editing
your /etc/network/interfaces file, or indeed recompiling the whole
application suite to your own preferences...

> If sudo as implemented by those designers denies me 
> nothing, why not allow me the root login all the other unixen I know 
> use as a matter of course?

Ubuntu is aimed at new users and desktop users, but it has the power to
be whatever you wish it to be.

By starting with sudo, you can make a root user if that's your
preference: as you know. You can also reconfigure anything else that you
dislike. You can even disable the sudo account afterwards, if that is
your wish.

You can allow yourself any freedoms you wish: I thought that was what
Free Software meant?

Of course, if you break it "you get to keep both pieces". That's the way
freedom works, I guess...

> 
> -- 
> Regards,
> Brian
> 
Regards,

Peter

More information about the ubuntu-users mailing list