<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#ffffff" text="#000000"> This is more simplistic than having several users (roles) each with a limited and well defined set of permissions... as would be for example implemented with RBAC. Since, with RBAC (Role Based Access Control) you can't by mistake do "rm -rf /" and delete your own machine if you are currently active with the "printer administrator" role, for example. If the "printer administrator" role doesn't imply "full write access to filesystem" then you just can't do that. Whereas with the way SUDO is configured on Ubuntu, you can do "sudo rm -rf /" just as easily as if you were root and did "rm -rf /" by mistake. And believe me, it's easy to make a typo when doing something like "sudo rm -rf /tmp/*" and end up with a command that goes "rm -rf /tmp /*" because you hit the space bar at the wrong moment. It is roughly equivalent to having a root user... with no available root password. It normally is interesting as, that way, you can be yourself, with no need to be root all the time, but with easy access to administrative tasks... It's somewhat interesting to avoid mistakes. And also interesting from a security perspective, since you don't have to give root password to anybody. Just tell the sudo system that they are (or are not) allowed to do administrative functions. Sudo is also very interesting from a tracability perspective. If you use root, once you log into the root account, commands ran as "root" lose tracability. You could have several users logged in as root and you don't know which one ran which command as root. With sudo, you keep a log of which users actually sudoed each command. So from an auditing perspective, it is much better that having a root user. (As long as people don't "sudo bash"). Gilles. Peter Garrett wrote: <blockquote cite="mid:20071105043601.45e303fb.peter.garrett@optusnet.com.au" type="cite"> <pre wrap="">On Sun, 04 Nov 2007 18:28:19 +0100 Gilles Gravier <a class="moz-txt-link-rfc2396E" href="mailto:Gilles@Gravier.org"><Gilles@Gravier.org></a> wrote: </pre> <blockquote type="cite"> <pre wrap="">Simplistic in the sense that by default, your administrative user has ALL THE ADMINISTRATIVE RIGHTS. In Ubuntu by default there the administrative roles (create users, populate home directories, manage network, change peripherals, change users passwords, and so many more) are simplistically merged into ONE SINGLE ADMINISTRATIVE user. </pre> </blockquote> <pre wrap=""> How is this more simplistic than having a single root user who by definition has all administrative rights? Peter </pre> </blockquote> <div class="moz-signature">-- <meta content="text/html; " http-equiv="content-type"> <title>Signature Home Chastity</title> <meta content="Gilles Gravier" name="author"> <div style="text-align: left;"> <table style="text-align: left; background-color: rgb(102, 102, 102); width: 500px; height: 73px;" border="1" cellpadding="3" cellspacing="3"> <tbody> <tr> <td style="text-align: center; vertical-align: middle; background-color: rgb(204, 204, 204); white-space: nowrap;"> <div style="text-align: center; background-color: rgb(204, 204, 204);"><tt>Gilles Gravier = <a href="mailto:Gilles@Gravier.org">Gilles@Gravier.org</a> = <a href="http://www.gravier.org/">http://www.gravier.org/</a></tt> </div> <div style="text-align: center; background-color: rgb(204, 204, 204);"><tt>ICQ : <a href="http://www.icq.com/whitepages/about_me.php?Uin=77488526">77488526</a></tt> <tt> || </tt><tt>MSN Messenger : <a href="http://members.msn.com/Gilles@Gravier.org">Gilles@Gravier.org</a></tt><tt> </tt>Skype<tt> : <a href="callto://ggravier">ggravier</a></tt><tt> || </tt><tt>Y! : <a href="http://profiles.yahoo.com/ggravier">ggravier</a></tt><tt style="font-weight: bold;"> || </tt><tt>AOL : <a href="aim:goim?screenname=gillesgravier">gillesgravier</a> </tt><tt>PGP Key ID : <a href="http://pgp.mit.edu:11371/pks/lookup?search=0x8DE6D026&op=index">0x8DE6D026</a></tt> </div> <div style="text-align: center; background-color: rgb(204, 204, 204);"><tt><a style="font-weight: bold; color: rgb(0, 153, 0);" href="http://www.gmap-track.com/user.php?user=ggravier">My Last Known Position / Ma Derniere Position Connue</a> "Chastity is its own punishment." (Solomon Short) [David Gerrold] </tt>"De toutes les aberrations sexuelles, la chasteté est la plus aberrante." [Anatole France] </div> </td> </tr> </tbody> </table> </div> </div> </body> </html>