Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Great suggestions for proper configuration of 'sudo'---thanks!
Quote:
Originally Posted by suicidaleggroll
Where are you seeing that?
The "forbidden" command (sudo passwd root) can be found by googling "ubuntu root password" (it's the #1 search result) or by reading the Sticky thread at UbuntuForums:
How often do you need root privileges? If it's rarely, or if it's often but just for specific tasks, then I would enable the root account, tuck the password away somewhere safe, and restrict your sudo access to just those few commands you need commonly. If you're regularly performing activities that require full root access to a wide variety of commands, then it probably wouldn't make much difference either way.
As the primary developer of a scientific sensor used for research/education, a few years ago I visited a university to help them with the installation and setup of a new lab for the students. The computers were all Linux machines due to the toolchains required for the sensors they would be using, and the IT guy at the university decided to use Ubuntu for his own reasons. Since this was a university lab, all machines were set up the same way, with a common lab user with a known password for all of the students to use. Naturally, this was the first user set up on the machines, which means it was permitted full sudo access, and being a lab, the user name and password for the account was written on the white board at the back of the room.
ANYBODY could walk into this lab and wipe out the entire network of machines within a minute, or install malware, or do anything they felt like doing. This is the kind of environment that Ubuntu's "security policy" results in. Lazy or ignorant admins inadvertently giving everybody in the world full root control of their machines. I mentioned this to the IT guy there, but he didn't seem interested, and it wasn't my place to "drive the point home", so that's how it was left. They'll probably be re-installing the OS on those machines a couple of times a year due to corruption, be it accidental or malicious, by the students or anybody else who happens to walk by the room when it's unlocked. This is the same thing that happens with Windows. Set up an account, let it do anything, let anybody use it, viruses ensue. The same admin would have to go out of his way to make a more "traditional" Linux system this insecure, but that's just "the way it is" on Ubuntu right out the box.
I guess that's really what it boils down to. On a traditional Linux system you have to go out of your way to compromise its security. On Ubuntu you have to go out of your way to make it secure. The starting point, and where most users leave the system permanently, is the difference.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
I have to agree that the sudo setup on Ubuntu seems a little ill thought out. On servers fine-grained sudo makes sense but Ubuntu doesn't do that. On PCs where there's a single user then root makes sense as there is only one person anyhow.
As an aside -- I bought a Raspberry Pi recently and I am totally appalled at the sudo set-up on it. I may start a new topic as it really has me gobsmacked.
I also thought about distribution upgrades, upgrades almost always fail ... apt was not really designed for that. Ubuntu has coders, I don't see why they can't design an upgrade program that will actually work.
I also thought about distribution upgrades, upgrades almost always fail ... apt was not really designed for that. Ubuntu has coders, I don't see why they can't design an upgrade program that will actually work.
Meh, opensuse's upgrade process doesn't work either, same with rhel/centos, fedora, and all other distros I've tried.
upgrades almost always fail ... apt was not really designed for that.
Yes it was, and it works exactly the way intended. If it doesn't work in Ubuntu, it's because of poor package design, or lack of testing, (maybe both), by designers.
When I used to hang out at UbuntuForums, 9 out of 10 failed release-upgrades were reported by users who had added unofficial repos (such as various PPA's) to their software sources. (I also saw a lot of garbage sources.list files, for example users who follow random online tutorials for the wrong release, such as mixing "precise" repos with their "trusty" system, or even heaven forbid mixing Ubuntu and Debian repos, yes I have seen this!!) Users who had installed only Canonical-tested software from the main repos generally had a smoother upgrade path. (This was a couple of years back, so I can't testify as to the current situation.)
That said, I am a big fan of the "test first in Live mode, then if the new release pleases you, do a backup and fresh reinstall" technique; it just feels cleaner and more likely to result in a stable system.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.