About root or administrative account
David B Teague
davidbteague at verizon.net
Fri Mar 23 22:40:19 UTC 2007
First, many thanks to all who answered this inquiry: Kristian, Tony,
Eamonn, Wee-Yee Chan,Jarrod, Ramkumar, Derek, and Matthew, with useful
commentary. I appreciate the several opinions. Hope I didn't miss anyone.
I do not yet understand why the Ubuntu way, sudo, with the USER's
PASSWORD, is not less safe than having a different root password. I
think the ordinary user who does an administrative task should have to
use the root password. Someone pointed out that sudo gives logging,
which will give some tracking, useful after the fact, but is in fact,
not safer.
The logging that you get with sudu helps, and that with a single user,
there isn't a lot of difference in security between having a root log-in
and separate password and having a disabled root loging and using sudo
with the user password as Ubuntu does.
The way Wee-Yee Chan describes that setup is the way they were under
early (beginning in mid 1980s with System V.2, 3 and 4) AT&T Unix
systems. The root account was set so that is was not remotely
accessible, it had a different password than user accounts, and though I
think sudu was available for administrative tasks, I am not sure I knew
about it. I do know I never used it.
For a single task, I wrote
su -c "the task"
upon giving the root password, "the task" was executed in as root. I do
not know whether this was logged.
Further comment appreciated.
To Wee-Yee Chan: Is Wee-Yee your given name and Chan your family name?
Or the other way 'round?
Warmest Regards
David Teague
Wei-Yee Chan wrote:
> Derek Broughton wrote:
>
>> otoh, I administer a CentOS (based on RedHat) system, which may or may not
>> have root enabled - I've never checked because I just use sudo.
>>
>>
> Come on, U know it doesn't matter. I've got root enabled on all of my
> Ubuntu machines. The password is different from the one that I use for
> my personal account, of cos. My personal account has no administrative
> privileges so whenever I need to attend to an administrative task, I'll
> just start up a terminal window and hit "su", or alternatively login as
> root.
>
> I've got remote login disabled, all my computers are behind my router,
> and I'm the only person capable of doing any real damage to my
> computers. What could possibly go wrong? :-)
>
> Regards,
>
> Wei-Yee Chan
> http://chanweiyee.blogspot.com
>
>
More information about the ubuntu-users
mailing list