LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices


Reply
  Search this Thread
Old 08-16-2006, 01:13 PM   #1
tombiz
Member
 
Registered: Jun 2006
Location: Chicago
Posts: 64

Rep: Reputation: 15
Root vs. Admin?


So, I installed Ubuntu. I used my name and password during the setup. Now each time I boot Ubuntu I enter my username and password. Ubuntu also asks for password when I try to access some in depth features in Ubuntu. This is the only account I have setup in Ubuntu. Does this mean that I don't need to create an account for everyday use? Can I use my current account and be secure? Am I using the ROOT or ADMIN account. Please explain. Thanks.
 
Old 08-16-2006, 01:23 PM   #2
anirudh.iitm
LQ Newbie
 
Registered: Jun 2006
Location: chennai , india
Distribution: ubuntu
Posts: 26

Rep: Reputation: 15
ubuntu discourages use of root account as you can cause a lot of damage to your system by its improper use.you set root password by the
passwd
command in terminal.DO NOT SET ROOT PASSWORD.
anything that requires root permission is better done using the
sudo(superuser do)command.it asks for your admin password and gives you the superuser priveliges for a fixed length of time.use this everytime.
hope this helps.

p.s.:i THINK u are using your admin account(coz my case is the same
).if u find out otherwise plz tell me as well.
 
Old 08-16-2006, 01:43 PM   #3
aysiu
Senior Member
 
Registered: May 2005
Distribution: Ubuntu with IceWM
Posts: 1,775

Rep: Reputation: 86
http://help.ubuntu.com/community/RootSudo
 
Old 08-16-2006, 02:27 PM   #4
randell6564
Member
 
Registered: Nov 2005
Location: California USA
Distribution: Ubuntu,(Feisty Fawn) Windows XP(Home Edition)
Posts: 634

Rep: Reputation: 31
Quote:
Originally Posted by tombiz
So, I installed Ubuntu. I used my name and password during the setup. Now each time I boot Ubuntu I enter my username and password. Ubuntu also asks for password when I try to access some in depth features in Ubuntu. This is the only account I have setup in Ubuntu. Does this mean that I don't need to create an account for everyday use? Can I use my current account and be secure? Am I using the ROOT or ADMIN account. Please explain. Thanks.
You are using admin. As anirudh said, it can be dangerous to be logged on as root. (it is possible to login as root). It is best to use sudo, but you can however become root while logged in as admin.

type Alt+F2, then type gksudo nautilus in the window that pops up.
enter your Admin password and a window will open and allow you Root priviledges within that window.

You are secure. No one can add, edit, install anything without first giving your password.

Last edited by randell6564; 08-16-2006 at 02:28 PM.
 
Old 08-17-2006, 12:04 AM   #5
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 76
I don't buy the whole sudo (in Ubuntu) is more secure than root thing because of several reasons. At the moment, you are running your system as a normal user with the power to do anything you want. To me, this is the same as running your system with full root privileges all the time and you can do the same type of damage that any other admin can do whilst logged in as root proper. Also the root account is enabled on Ubuntu, although most people seem to think its not. All thats lacking from the root account is a password. If someone were to gain access to your normal user account, they could give root a password (sudo passwd root) and basically own your computer since they will have full administrative rights. They could even tinker with your sudo settings so that you would not be able to lock them out by changing the root password.

My point is that running as root is bad, but the sudo thing in Ubuntu provides a false sense of security and having a normal root account is not bad at all. You could use both sudo and a normal root to actually improve the security on your system i.e. give root a password so that nobody else can if they break in using your normal users details and limit what you can do with sudo (e.g. prevent changing of roots passwd once its set).

Last edited by reddazz; 08-17-2006 at 12:08 AM.
 
Old 08-17-2006, 01:59 AM   #6
aysiu
Senior Member
 
Registered: May 2005
Distribution: Ubuntu with IceWM
Posts: 1,775

Rep: Reputation: 86
Quote:
Originally Posted by reddazz
I don't buy the whole sudo (in Ubuntu) is more secure than root thing because of several reasons. At the moment, you are running your system as a normal user with the power to do anything you want. To me, this is the same as running your system with full root privileges all the time and you can do the same type of damage that any other admin can do whilst logged in as root proper.
You clearly don't understand how sudo works.

You are not running with the power to do anything you want. When you invoke the sudo command, which temporarily gives you administrative power, then you are prompted for a password before you're allowed to do anything with root privileges.

If someone's able to crack your password, well, they're able to crack your password, and it won't really matter if you have a sudo account or a root account. Your passwords suck and need to be rethought, then. It has nothing to do with sudo/root.

How is root any more secure than sudo?
Code:
su
password:
aptitude update
aptitude install acroread
exit
exit
Code:
sudo aptitude update
password:
sudo aptitude install acroread
exit

Last edited by aysiu; 08-17-2006 at 02:00 AM.
 
Old 08-17-2006, 02:27 AM   #7
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 76
Quote:
Originally Posted by aysiu
You clearly don't understand how sudo works.

You are not running with the power to do anything you want. When you invoke the sudo command, which temporarily gives you administrative power, then you are prompted for a password before you're allowed to do anything with root privileges.

If someone's able to crack your password, well, they're able to crack your password, and it won't really matter if you have a sudo account or a root account. Your passwords suck and need to be rethought, then. It has nothing to do with sudo/root.

How is root any more secure than sudo?
Code:
su
password:
aptitude update
aptitude install acroread
exit
exit
Code:
sudo aptitude update
password:
sudo aptitude install acroread
exit
I know how sudo works and thats why I made the comments above. If I felt that my knowledge about sudo was limited, I would not have bothered to post in this thread since I would be posting garbage.

I will explain myself a bit more and maybe you will get my points. In most Unix based OSes sudo is used to give a user limited root privileges whereas in Ubuntu a user (in the admin group) is given unlimited root privileges (not temporary like you say in your post), so they can basically do what they want as long as they put "sudo" in front of the commands they wish to run and enter their password. This is not different from running as root (minus sudo and the users password) because when you run as root you have the power to do whatever you wish to the whole of the system.

As for passwords, you seem to miss the point that passwords can be obtained without cracking (and thats why I did not specifically mention cracking of a system or other types of attacks). There are many people out there who use obvious passwords, write them down or are plain careless with them.

In my post I did not say running as root is more secure than sudo. I said you can use both methods to make your system a lot more secure.

Last edited by reddazz; 08-17-2006 at 02:30 AM.
 
Old 08-17-2006, 06:49 AM   #8
extrasolar
Member
 
Registered: Feb 2004
Location: Northamptonshire, UK
Distribution: Windows XP, Arch Linux
Posts: 131

Rep: Reputation: 16
You still need to use your password after a certain amount of time. You don't do sudo once, enter your password and have root privileges for as long as you're logged on. Also the amount of time that sudo remembers your password can be changed.

Further, when you issue a command using sudo and are prompted for your password, it makes you think about what you're doing rather than just being able to do it blindly using root.
 
Old 08-17-2006, 10:17 AM   #9
randell6564
Member
 
Registered: Nov 2005
Location: California USA
Distribution: Ubuntu,(Feisty Fawn) Windows XP(Home Edition)
Posts: 634

Rep: Reputation: 31
Quote:
Originally Posted by reddazz
At the moment, you are running your system as a normal user with the power to do anything you want. To me, this is the same as running your system with full root privileges all the time and you can do the same type of damage that any other admin can do whilst logged in as root proper. Also the root account is enabled on Ubuntu, although most people seem to think its not. All thats lacking from the root account is a password.

.
Not true. Root has to be allowed system administrator login privledges which requires a password to access. And yes then a Root password which also requires a password to create one.

I hardly see that as "Root being enabled by default"
 
Old 08-17-2006, 10:34 AM   #10
aysiu
Senior Member
 
Registered: May 2005
Distribution: Ubuntu with IceWM
Posts: 1,775

Rep: Reputation: 86
Quote:
Originally Posted by reddazz
I will explain myself a bit more and maybe you will get my points. In most Unix based OSes sudo is used to give a user limited root privileges whereas in Ubuntu a user (in the admin group) is given unlimited root privileges (not temporary like you say in your post), so they can basically do what they want as long as they put "sudo" in front of the commands they wish to run and enter their password. This is not different from running as root (minus sudo and the users password) because when you run as root you have the power to do whatever you wish to the whole of the system.
Well, let's look at the difference, shall we?

Ubuntu's setup:
Log in as user, type a command, enter your password, operate as root temporarily (yes, temporarily because it's only for a short time until the sudo timeout takes effect).

Most other Linuxes' setup:
Log in as user, type a command, enter your password, operate as root temporarily (well, until you decide to log out of root).

So what's the difference? If you don't believe a password separating regular use and root use matters, then you're always running as root, regardless of whether you're using the root model or the sudo model.
 
Old 08-17-2006, 12:34 PM   #11
extrasolar
Member
 
Registered: Feb 2004
Location: Northamptonshire, UK
Distribution: Windows XP, Arch Linux
Posts: 131

Rep: Reputation: 16
As a single user it makes no difference whether you use sudo or root, I agree. But would you give your root password to everyone that needs to administer the system?

Don't forget that sudo can be used to offer some privileges and deny others.

Last edited by extrasolar; 08-17-2006 at 12:36 PM.
 
Old 08-17-2006, 03:15 PM   #12
randell6564
Member
 
Registered: Nov 2005
Location: California USA
Distribution: Ubuntu,(Feisty Fawn) Windows XP(Home Edition)
Posts: 634

Rep: Reputation: 31
Quote:
Originally Posted by extrasolar
But would you give your root password to everyone that needs to administer the system?

.
Why would I have to, or WANT to?
 
Old 08-17-2006, 05:13 PM   #13
aysiu
Senior Member
 
Registered: May 2005
Distribution: Ubuntu with IceWM
Posts: 1,775

Rep: Reputation: 86
Quote:
Originally Posted by randell6564
Why would I have to, or WANT to?
If you're in a true multi-user environment (not just you and your computer), there are several users (possibly hundreds) using a particular system.

You may want to grant root privileges to some people and not to others. You may also want to temporarily give someone root privileges... or be able to take privileges away if she gets fired. Lastly, you may want to allow escalation of privilege for certain tasks but not for others.

The sudo model allows you to do this--with everyone still keeping her own password. The root model does not.

If you give someone the root password, she has that password forever unless she has a really bad memory or you kill her... or you change the root password once she leaves (then you have to notify everyone who uses root, "Hey, there's a new password because someone left").

However, if you use the sudo model, you just add the person to the admin group and let her sudo all she wants. When she leaves, you take her off the admin group or delete her account altogether.
 
Old 08-17-2006, 08:58 PM   #14
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 76
Quote:
Originally Posted by randell6564
Not true. Root has to be allowed system administrator login privledges which requires a password to access. And yes then a Root password which also requires a password to create one.

I hardly see that as "Root being enabled by default"
I don't get what you mean here. The root account is there like I explained before and if someone were to set a password for root, they could control the whole system and basically do whatever they wish.
Quote:
Well, let's look at the difference, shall we?

Ubuntu's setup:
Log in as user, type a command, enter your password, operate as root temporarily (yes, temporarily because it's only for a short time until the sudo timeout takes effect).

Most other Linuxes' setup:
Log in as user, type a command, enter your password, operate as root temporarily (well, until you decide to log out of root).

So what's the difference? If you don't believe a password separating regular use and root use matters, then you're always running as root, regardless of whether you're using the root model or the sudo model.
Sudo is not an Ubuntu only phenomenon. Other distros and Unix OSes use sudo but by default, it is not implemented in the same way as Ubuntu (like I mentioned above). Its not used to give a user the power to run any commands they wish (although it can be configured to do that), but a selected few depending on what the admin wants other users to be able to do (e.g. reboot the system, mount devices etc). On Ubuntu any user in the admin group has free reign to run any commands they want.

Quote:
If you're in a true multi-user environment (not just you and your computer), there are several users (possibly hundreds) using a particular system.

You may want to grant root privileges to some people and not to others. You may also want to temporarily give someone root privileges... or be able to take privileges away if she gets fired. Lastly, you may want to allow escalation of privilege for certain tasks but not for others.

The sudo model allows you to do this--with everyone still keeping her own password. The root model does not.

If you give someone the root password, she has that password forever unless she has a really bad memory or you kill her... or you change the root password once she leaves (then you have to notify everyone who uses root, "Hey, there's a new password because someone left").

However, if you use the sudo model, you just add the person to the admin group and let her sudo all she wants. When she leaves, you take her off the admin group or delete her account altogether.
As mentioned above, sudo is available on all Unix OSes, so using a blend of the root model and sudo, you can do what you descibe above i.e. give some users selected admin privileges.

To me, the whole sudo thing in Ubuntu is not about security, but making it easier for new comers to Linux to administer their systems without understanding much about the Unix security model (which is not bad if it helps other people convert to Linux).
 
Old 08-17-2006, 09:32 PM   #15
fragos
Senior Member
 
Registered: May 2004
Location: Fresno CA USA
Distribution: Ubuntu 10.10
Posts: 1,466

Rep: Reputation: 51
Let's not forget we can change root/sudo any way we want. You can even use both if you choose. Default Linux distro configurations don't limit options they just select the starting points.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Is your default user root or admin? ViROID Linux - Security 23 05-03-2006 07:26 PM
Cups admin not accepting any passwords including root jago25_98 Linux - Software 2 12-11-2005 03:53 PM
root (Admin) user crashes jimbrook SUSE / openSUSE 8 05-23-2005 07:04 PM
Admin-but not root KasperX Linux - Security 5 05-09-2005 04:23 PM
problem regarding on admin and root pass glacier1985 Linux - Newbie 5 07-13-2003 08:34 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu

All times are GMT -5. The time now is 08:02 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration