Ubuntu install lets you create a single do-everything password. Is it better practice to revert to the standard of a $ and # password? On a single user/owner home PC, is there a good reason to do so? Or, not to do so?

Ubuntu uses sudo to manage administrator privileges.

You can enable the root user account if you wish, but sudo is different in that it only grants administrator privileges for a short period of time.

The root user account has all privileges and should ONLY be used when you need administrator privileges. If your new to Linux I'd suggest you learn the system before using the root user account.

Best practices would say that a different passwd for each user is prudent - just as a general practice. If your Linux experience is never going to leave the doors of your house and your machine isn't going to be public facing (ports open and forwarded to behind a NAT) then I don't see there being any issue with the same passwd for each user and a relatively simple one at that.

My home-built NAS units which reside on the local network - but are not publicly accessible - have simple pass configurations. Anything that is public facing is generally more complex than that. The SUDO system/method is really good in practice - because as you get deeper into Linux there are going to be times where you will be very happy you weren't root after hitting the enter key... Just develop the habit of using it... It really is unnecessary to be travelling around as root all of the time for every day tasks and can in turn create much greater unanticipated problems down the line.

I very strongly advise that you should not "routinely" use a user account that is capable of issuing the command sudo su to become root. In other words, your ordinary accounts should not be a member of the wheel group.

Then, yes, I would disable direct login access to the root user-id. (Usually, this is already done.)

This is an exercise of the Principle of Least Privilege, which takes advantage of the fact that "digital computers are terrible at knowing when to say 'yes,' but they're terrific at saying 'no!'"

Only one user-id on your system should be capable of walking into a telephone booth and flying out wearing ugly blue tights. Any rogue software that manages to steal your password (or to cajole you into providing it) would find its feet stuck firmly on the ground. And of course, you should never provide that user-name and password in response to any prompt, unless you are damn sure where it came from.

On all of my systems, of whatever type, every user save one is a "limited user," incapable of exercising elevated privileges, and all of their /home directories are private to themselves. (And if you did somehow get a list of users, you couldn't pick out which one it was.)

1 members found this post helpful.

Mucho good advice sundialsvcs!

@sundialsvcs
Your response is at the threshold of my Linux knowledge - probably beyond.. anyway,

This is exactly what my install did. I can just, $ sudo su, and become #. That's poor, right?

So, to improve that, I'd have to create a root account (be patient I'm winging it..)
then if I wanted to be root, I'd Ctrl + Alt + F1, go into console, sign in and be root there. Something along those lines, I assume.

Thats the default config for Ubuntu, I mean you'll still need the administration password to run sudo.

On the default Ubuntu you can't login as root, unless you run sudo passwd root and set a password first. after that just run su in any term and provide the root password.

This is a tough one. While I agree with sundialsvcs in princial I feel that the Ubuntu sudo setup is, perhaps, "good enough" for a single-user home system and thatKs why they did it.
Personally, I log in as root when I want root using "su -" with no sudo, because when I log in as root I'm only carrying out system-administrator tasks.
I also find an awful lot of blog posts and even scripts out there which seem to preface every command with "sudo" for no opther reason than the person posting it doesn't know whether they need to sudo (or can't specify a full path as with he case of ifconfig) and range from just silly to potentially dangerous.

1 members found this post helpful.

When you put in your password for sudo, sudo gives that user account root user rights, to the command, you are running with sudo in front of it.

You can also become root user from a virtual terminal, like gnome-termianl, not just CTRL+ALT+F1

I will "politely dissent" here and simply suggest that you should not continue to use the first user-ID which (Ubuntu) sets up: instead, set up another one for everyday use.

And, if you "wear many hats," set up as many as you need – one for each "hat." Every single one of them non-privileged.

For instance, when I have to do small-business accounting (ick ...), I log-in as the accountant-user. All of the files needed by the accounting application are located in this user's home directory – and are accessible to no one else. (On my machine, all /home directories have permissions 0x700.)

Since these accounts have no credible reason to be authorized to fly out of a phone-booth, they can't.

I'm not sure who your "dissenting" with here sundialsvcs, but to expand upon the point I was trying make in post #2:

On my machine, the only user account that has ANY root privileges is the root user account. I agree with setting up an UN-privileged account for everyday use. I also totally agree with 273. I also follow the "Principle of least privilege" and always do myself.

My point was that, the OP should do as much learning about Linux and best security practices BEFORE worrying about enabling the root user account. I also agree that it would be very wise to setup an account that does not have any permissions from sudo, aka a completely un-privileged user account.

But, you need to remember that your talking to someone that does not seem to have a lot of experience with Linux, un-like yourself. Which is why the OP should be focusing on learning best security practices and about how that can be applied to Linux.

I personally would also say that one un-privileged user account would be more than enough for a stand-alone/home system, that is not a part of any local network and has only an Internet based network connection.

Phew.

OTOH..

Thanx all. My appointment book is full for the next few days: Learn Linux Password Security Practice/Policy.

I prefer having separate root and user(s) passwords.

I have never yet seen a convincing security argument for the *buntus' creepy sudo fetish. When I use a *buntu, one of the first things I do is establish a root password.

Not that I have strong feelings about this . . . .

If you want to be proficient with Linux, you need to break it often, and fix it. Single user/owner home pc.... I suggest playing with all features since you are not on a network, split the drive into multiple small partitions or use more than one drive and install more than one copy, do your online banking and sensitive stuff on one secure installation and play on the disposable copies, assuming precious data is stored on a separate "DATA" drive/partition. Storing data in the OS partition is just down right stupid, weak, and will prevent rapid advancement.

If you've been using Mac or Windows and are already accustomed to doing sensitive online activities there, chances are you'll keep doing it there since your already comfortable with that. BREAK YOUR LINUX

I always have root account, sudo requires too much typing, I hate it, don't use it, stopped installing it. All CLI is done as root and have never cried a single tear.
The day Debian denies root access is the day I give Linux the finger and the boot, goodbye Linux.