if you type sudo bash even a reguler user becomes root
its not a problem because i dont use the multiuser system
but doesnt this defeat the privledge system?

Hi Sudo isn't really about becoming root, since once a user uses sudo su - or sudo bash they can do whatever they like and from a system auditing point of view it becomes hard to track down what that user does.
Sudo is designed to give normal users elevated permissions. Exmaple, lets say we have a helpdesk, they need to be able to start and stop apache, under normal conditions they cannot, but we can grant them permission just to run the commands they need to do this task. That way apache is still run as root but the commands are locked down to only those specified by the admin. Good news for the admin as well, now he doesn't get called every time the helpdesk can now do it.
You can create groups of system, users and commands to give better control.
There's more to it of course but thats the basics.

On most distributions regular users aren't given the flexibility to run whatever they want. sudo is only there so that the administrator can give them the ability to run specific commands under specific conditions, and only after being explicitly configured to allow it. You can't use sudo to run things like bash unless the administrator lets you.

However the developers of Ubuntu and its relatives have decided to use sudo in a different way. It's their belief that users switching to a root console and then leaving it open for protracted periods of time is a bigger overall security risk than simply giving them the ability to administer the entire system with sudo as needed. The fact that you can use it to switch into root isn't the issue for them; they just think it's better to not need to do it.

It's basically a risk trade-off, with different people having different views on what's most important security-wise.

i am not concerned on security and thats part of the reason i dont lie Ubuntu
i just thought sudo was a security hole

I'm an Ubuntu novice, but IIRC after a 9.04 installation, only the account that I created at install time was a full sudoer. I added accounts post-installation, and they were not automatically made sudoers.

The implication to me is that they (Ubuntu team) expect that the initial account will be acting as admin as well.

So you are the actual security hole

You can always set sudo to behave the way you want it to. You need to configure it.

configurable? neat

Configurable?

That's what we've been saying from the beginning. Sudo is simply a way for the root user to give other user's permission to run certain commands with elevated permissions, so it certainly is configurable. Highly configurable. In Ubuntu they've simply configured it by default to give the first user complete access to the system (as well as simultaneously disabling the root password), but there's no reason you can't reconfigure it to include or exclude whatever commands and users you want, or even if they need to use passwords or not.

It's all up to what you put in the /etc/sudoers file. Check out the man pages for sudo, sudoers, visudo, and the copious information on the net about it.

Perhaps, you should be using "visudo" to edit the sudo configurations. Check man pages for quick reference. There are plenty of good guides available in the Google.

I wish the *buntus would stop this and just use root and sudo the way they were intended. Sooner or later this sort of behavior is going to cause a huge security breach in the *buntus.

You should be able to vi /etc/sudoers as well.

@abefroman
You might already know this, but
From man visudo

Thanks, and yes, I knew about visudo, never use it though.

visudo often helps to eliminate some common mistakes that users make while creating sudo rules. It is always advisable to use it. The most adorable feature that I liked about visudo is that it will always tell you about a wrong rule when you want to save and come out of the vi editor.