You can have more than one user. And you don't have to have easy passwords on any of them.
Root's password should always be as hard or harder to crack than any user password. If it's not, then the person who set it up did it wrong.
Quote:
Originally Posted by Shadow_7
The root password is sometimes easier to guess than users' passwords.
Then the person who set it up did it wrong.
Quote:
Originally Posted by Shadow_7
Since it's likely the same across multiple machines.
1) Then they're doing it wrong
2) And a user's password isn't?
Quote:
Originally Posted by Shadow_7
Plus comes with a default password in many distros
Since when? I have never seen that, and I would be extremely shocked if that was the case with any mainstream distro.
Quote:
Originally Posted by Shadow_7
And you already know that the username is root.
And since remote access is disabled for root by default on most distros (and should be immediately disabled by the admin on the rest of them), that doesn't really matter.
Quote:
Originally Posted by astrogeek
NOT if it is PROPERLY configured and used, as opposed to being wounded and left to bleed as is done by some distros.
Agreed, sudo can be a very useful tool when it's configured correctly. Ubuntu's approach is a joke.
Quote:
sudo can be a very useful tool when it's configured correctly. Ubuntu's approach is a joke.
Agreed, and a somewhat cruel joke in that it ultimately cripples new users' ability to understand related concepts.
Hammer and nail analogies usually apply here, so let's contrive a new one...
Faced with confusion and awkward use of hammers by some users, the Ubuntu Kit Home Company decided to include pneumatic nailers with its kits instead. Unfortunately, they failed to properly document the new tool and its uses, so the most common complaint now goes something like this...
Quote:
" Dragging that hose around the jobsite was hazardous, so we have now removed it from our nailers.
It is not very clear what it was there for in the first place and removal does not seem to otherwise affect
operation of the nailer.
It is also much more difficult to hit the head of some nails with this tool and it does not seem to hold
up to frequent use as well as might be expected, the plastic parts being easily shattered within the
first few hits."
You're right, which is why Ubuntu's security policy is so ridiculous. It simply disables the real root account, and forces the first created user to become "root" instead. So now instead of having a real root account with a strong password that you can't log into graphically and can't ssh into (most distros disable root ssh access by default), you have an account that for all intents and purposes is root, yet it uses a traditionally weak user password AND it has full ssh functionality AND you log into it graphically every day.
I don't know where you got this from, but the last time I checked the first created user is in the "sudo" group. This is different from being root. And by default Ubuntu doesn't have openssh-server installed.
Quote:
I don't know where you got this from, but the last time I checked the first created user is in the "sudo" group. This is different from being root.
Sure, it puts them in the sudo group, and if you look at /etc/sudoers you have this little gem:
Code:
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
The end result is that the first configured user (and anybody else placed in the sudo group) is granted full, unrestricted sudo access. This essentially turns that user account into root, because it's now allowed to do anything, without limits or restrictions, just like root can.
Quote:
Originally Posted by hortageno
And by default Ubuntu doesn't have openssh-server installed.
Most distros don't...the point was that once the ssh server is enabled, you now have essentially opened up root ssh access. Similarly once X is installed, you now have essentially opened up root GUI logins. Both of which are security problems, but Ubuntu forces you into it.
Last edited by suicidaleggroll; 08-24-2015 at 04:34 PM.
Quote:
Sure, it puts them in the sudo group, and if you look at /etc/sudoers you have this little gem:
Code:
%sudo ALL=(ALL:ALL) ALL
The end result is that the first configured user (and anybody else placed in the sudo group) is granted full, unrestricted sudo access. This essentially turns that user account into root, because it's now allowed to do anything, without limits or restrictions, just like root.
...after typing in his password. This tiny detail makes the difference. He is NOT root. And if his password is weak, then THAT is the problem, not the fact that he is in sudoers.
Quote:
...after typing in his password. This tiny detail makes the difference. He is NOT root. And if his password is weak, then THAT is the problem, not the fact that he is in sudoers.
Sigh...
We should call it the Ubuntu-sudo syndrome - a powerful mental block to all further understanding.
Quote:
...after typing in his password. This tiny detail makes the difference. He is NOT root. And if his password is weak, then THAT is the problem, not the fact that he is in sudoers.
It IS a problem...security is all about barriers. Only open up what needs to be opened up and leave the rest closed off. If one barrier gets compromised, you have another right behind it that will limit the fallout. If you don't need ssh access, don't run ssh. If you do need ssh access, shut off root ssh access so script kiddies can't break in no matter how many passwords they guess. Even if they're able to break into a user account, the worst thing they can do is wipe out that account, they STILL need to break ANOTHER password in order to do any real damage. And no matter what you do, don't log in to the GUI as root, as it opens up the entire system to vulnerabilities.
Disabling the root account and giving a regular user account unlimited sudo access removes a huge barrier. It sacrifices security for convenience, and it's just one step away from Windows' laughable "are you sure you want to do that" security prompts.
Yes if the user uses an incredibly secure password that isn't re-used anywhere else, on any other machines or any online accounts, Ubuntu's approach is nearly as secure (but still not as secure) as the traditional root approach, but that's not realistic. Under realistic conditions, Ubuntu's approach is significantly less secure, and for what? What is the advantage? So the user can be lazy?
Quote:
Even if they're able to break into a user account, the worst thing they can do is wipe out that account, they STILL need to break ANOTHER password in order to do any real damage.
Laptops are a bit of a different beast. It's not that sudo/root access doesn't matter on them, but there are other things that matter far more. Encrypted filesystems (or at least an encrypted container where you can put your sensitive documents), screen locking, etc. are much more important.
One trick I use regularly is to have scripts that reinvoke themselves via sudo if they're running as the wrong user for doing whatever it is they're meant to do.
e.g.
Code:
#!/bin/bash
#######################################################################
# Re-exec this script as user 'build' unless it is already running as 'build'.
if [ "$( id -un )" != 'build' ]; then
    exec sudo -u build "$(readlink -e "$0")" "$@"
fi
#######################################################################
### Do stuff here....
Obviously you still need to set up the sudoers rules to allow it, but you don't need to remember about prefixing them with sudo or specifying the correct user when you need to run them.
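The unrestricted `%sudo` rule quoted earlier in the thread, next to the kind of narrow rule the self-reinvoking script above needs, as an added example that is not part of any post: a small audit that lists sudoers entries whose command list contains a bare `ALL`. The sample file is constructed; `alice`, `bob`, `%admin` and the script path are hypothetical, and the parser is simplified (one rule per line, no aliases, continuations or include files).

```shell
#!/bin/sh
# Added example (not from the thread): report sudoers entries whose command
# list contains a bare ALL. Simplified: one rule per line; aliases,
# line continuations and include files are not followed.

# Constructed sample. "alice", "bob", "%admin" and the paths are hypothetical;
# "build" is the run-as user the script in the post switches to.
sample_sudoers() {
cat <<'EOF'
Defaults env_reset
root    ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) NOPASSWD: ALL
alice   ALL=(build) /usr/local/bin/build.sh
bob     ALL=(root) /usr/bin/systemctl restart nginx, /usr/bin/journalctl
EOF
}

# Reads sudoers text on stdin; prints one line per principal that may run
# any command, with " NOPASSWD" appended when no password is asked for.
find_unrestricted_sudo() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        /^[ \t]*(Defaults|(User|Runas|Host|Cmnd)_Alias)/ { next }
        {
            who = $1
            spec = $0
            sub(/^[^=]*=[ \t]*/, "", spec)      # drop "who host ="
            sub(/^\([^)]*\)[ \t]*/, "", spec)   # drop "(runas)"
            nopass = (spec ~ /NOPASSWD:/) ? " NOPASSWD" : ""
            gsub(/[A-Z_]+:[ \t]*/, "", spec)    # drop tags such as NOPASSWD:
            sub(/[ \t]+$/, "", spec)            # drop trailing whitespace
            n = split(spec, cmds, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (cmds[i] == "ALL") { print who nopass; break }
        }
    '
}

sample_sudoers | find_unrestricted_sudo
```

The `alice` and `bob` entries are not reported because their command lists name specific programs; on a real system the function can be fed the output of `sudo cat /etc/sudoers`.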
It is a security problem to have an "active" root account (specifically, one that can be logged onto graphically or remotely). It's a bad idea. I had issues with it too, when first transitioning from Mandrake (yes, Mandrake, before Mandriva, or any of the multitude of financial issues that distro faced)... But, I got used to it...
It is often useful to log into the system in GUI mode with root privileges. Particularly if there is to be some drag and drop activities and some selective deletes of files.
Most definitely, we do not use the web during this GUI session.
Sometimes though I need to do copy/paste and selective deletes of files. I have two choices.
sudo nautilus (which gives me root privileges with nautilus) along with terminal mode to do sudo su -i,
or
When the number of files is large, and the redistribution and ownership changes are required, root with GUI is best to use.
Well that surely stirred the pot. None of the responses answered my question. Even if I don't, I pretend to know what I am doing. So if I need to run a command as root, I do it. I am just trying to limit my error prone typing. When I call a command that needs root, I just hit command recall and prefix the command with sudo. Extra typing! I am the only one using my systems and don't need the extra security.
I guess what I am looking for is a way to prefix the last command line with sudo, like a keyboard shortcut, maybe "CTRL-Enter"?
I run Ubuntu, Fedora, Raspbian and would like a universal fix.
Quote:
I guess what I am looking for is a way to prefix the last command line with sudo, like a keyboard shortcut, maybe "CTRL-Enter"?
Add the following to ~/.inputrc:
Code:
# CTRL-P to get previous line, CTRL-A to move cursor to beginning
"\C-t": "\C-p\C-asudo "
That works with CTRL-t, I think CTRL-Enter can't be distinguished from Enter unless you do something special to your terminal. The above should work with any system using bash.