Security.

Simon Santoro simon.santoro at poste.it
Fri Feb 11 09:30:53 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Keith Powell wrote:
| As installed, my user password is also my root password.
This is actually not the case. The root user has no password, but you
can actually sudo to root using your user password because you are in
the sudoers list. (man sudo)

| Does this not
| mean that if anyone found out my user password, they could also get
| into the system as root and so do what they liked with it?
Yes.


| With the
| other Linux distros I have used, one needs a separate root password, so
| making it much harder for others to do any damage. Sorry, but to me
| this smacks of the pre-XP Windows wide-openness.
Well, this is your personal opinion. I like the sudo approach to the
problem. If someone discovers your personal user password you are
already screwed anyway, because the attacker has access to all your
sensitive data in your home folder (emails, cookies, documents, ...).

| I see from the Unofficial Ubuntu Guide, that it is possible to set up a
| separate root password. Shouldn't this be the default and set up on
| installation?
Personally I really like the current setup. Why remember a second password?

| I am not trying to be abusive in any way about Ubuntu, but am wondering
| what the reason for this "no root password" is.
|
| If anyone could either explain the reason, or point me to where to find
| it, I would be grateful.
http://www.ubuntulinux.org/support/documentation/faq/root


- --
+S2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCDHtN//MyBw4dqD8RAoLmAKCiRZxrThXkilmt51e0fPVfOOVGzgCgk7nu
wMz1c54VkUqEzwolTe/1Kig=
=C/uB
-----END PGP SIGNATURE-----




More information about the ubuntu-users mailing list