that darned ROOT problem

Eric Dunbar eric.dunbar at gmail.com
Thu Sep 29 15:20:51 UTC 2005


On 9/29/05, Matan Nassau <matan.nassau at gmail.com> wrote:
> On 9/28/05, Mario Vukelic <mario.vukelic at dantian.org> wrote:
> > If someone tries to su to a non-existant account, su complains:
> >
> > mario at phonic: / $ su doesnt_exist
> > Unknown id: doesnt_exist
> > mario at phonic: / $
> >
> > If someone tries to su to root when it is disabled, it could well say
> > "root account disabled. See /usr/share/doc/<somepackage>/README for
> > info", at least the first time it is run by a user.
>
> This is not the same. root does exist, and will never cease to exist.
> As much as I understand the mechanism of sudo, sudo is merely a
> running automatic third-party between users and root, and it knows who
> is priviledged and who's not, to forward requests to root.
>
> All Ubuntu did was to DISABLE root, not delete it (you can't, correct
> me if I'm wrong). They just edit the passwd file so that any password
> you enter to become root will fail. root is still there as much as su,
> or the system for this matter, are concerned. You can, however, wrap
> su with some crafted script (or worse yet change the su code) but you
> then start doing things the Wrong Way(tm), because you farther make
> the users get used to Non-Standard(tm) things -- only this time for no
> justified reason.

But, root can easily be enabled, if desired. Also, IIRC, you can have
both an active root account (with a password) and sudo operating
simultaneously. Then again, as has been pointed out, an active root is
frowned upon -- _not only in Ubuntu_ -- because it offers only crude
and primitive "super user" controls (no such thing as allowing a
certain group of users to _only_ run apps x, y and z as root).

Eric.




More information about the ubuntu-users mailing list