for everyone whose sick of sudo read this

Brian Puccio brian at brianpuccio.net
Sun Jul 3 18:16:17 UTC 2005


On Sun, 2005-07-03 at 12:45 -0400, irusun wrote:
> As a long time user of Linux, I was quite confused after installing
> Ubuntu - it took me a few hours to figure out what was going on with
> the whole sudo/root thing.  If Ubuntu is going to do something
> radically different like change the nature of the root user (from every
> other distro I've ever used), it should be much more clear up front
> during the installation.

It's been months since I last did an install, but I do remember
something about administrative tasks asking for the initial user
password.

> *nix has its origin in a multi-user environment, often involving dozens
> if not hundreds of users.  With so many remote and sometimes unknown
> logins, security is obviously an issue.  But the reality is that most
> of the people using Ubuntu are just single (or family) users who just
> want an alternative to Microsoft.

So you wouldn't mind then if I, or someone far less honest, had access
to your computer?  You don't do any online banking?  You don't purchase
anything online?  You have nothing on your computer that you wouldn't
mind being public?

If so, fine, security is of no concern to you.  But for those of us who
use their computers for the above reasons, and possibly even work,
security IS an issue.

> The idea that there's rarely a use for root is a complete Utopian Linux
> fantasy.  It's nice to see Ubuntu has made it less necessary to be a
> root user than a lot of other distros, but the root user is a very
> useful thing to have around for involved system administration.

I'm quite fine without a root user.  Having to sudo to do things leaves
a very visible trail:


> Jul  3 13:34:40 localhost sudo:    brian : TTY=unknown ; PWD=/home/brian ; USER=root ; COMMAND=/usr/sbin/synaptic

This comes in handy if for some very odd reason you have a shared system
with more then on sudo'er.  (What, you'd give 2+ people a root password
and have no way to figure out who did what and when?)

> The danger in Ubuntu, in my opinion, is that the user uses the password
> so frequently for everyday tasks, that is soon becomes automatic to just
> enter it in without thinking about it.

What everyday tasks?  I consider checking my email, talking to friends,
typing up a school paper and playing some wesnoth and everyday task.
Any time I need a password for anything, I know its something that could
break the system.  I can't inadvertently break the system without
sudo'ing.

> I'm not complaining about how Ubuntu uses root, but it really starts to
> sound ridiculous the way some go on about how "bad" logging in as root
> is.  It's like any tool - learn how to use it, respect it, and have
> fun!

I must have missed the "fun with root" o'reilly book.  FWIW, the fact
that the default windows user has admin privs is one of the reasons that
the spyware propagates so well on windows platforms.  Even the MS
evangelist, Scoble, says that running as admin on windows is not a
bright idea:

http://radio.weblogs.com/0001011/2004/08/22.html#a8128

I'll jump on the band-wagon and say that if you need to login as root
for anything other then a single command or two, you're probably doing
something wrong.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050703/722bd2b0/attachment.pgp>


More information about the ubuntu-users mailing list