Straight outta the box, and already I have a problem.

So far, there is only one thing I cannot do and it prevents me from doing many things. Sudo won't accept my root password. I noticed it first when I tried to view online updates. I receive this error:
Failed to run /usr/bin/update-manager as user root:
Wrong password.

I made sure the password was correct by opening a terminal and
$ su
Password:
#

Yes... it is the right password. But sudo doesn't think it is. Any suggestions?

EDIT: So I did a little searching around the forum and found out that the password I'm supposed to type in is my user password. I did that, but now the app won't run. I'm guessing it accepts my password, because it doesn't return an error message, but the update window doesn't show up.

i think you run sudo as the user, using the user password. root doesn't need to be sudo, it's already root.

Didn't get done editing in time... sorry slackhack.
Now I have a new problem.

does it run as root? it may be a matter of opinion, but imho i dont think there's really any advantage to using sudo on a single-user box. if anything, it probably only reduces your security. if i were you i would forget about sudo and just use the root account for administration.

Everything runs fine as root. I don't know many app names so I was using the shortcuts on the panel. All of the shortcuts use gksudo (which I'm assuming is the gui sudo?). All I have to do though is make a shortcut on the desktop and check its properties to find out what app it is running.

Because any malicious hacker would know that your username is slackhack, but they would never guess to think there'd be a user called root...

are you being sarcastic?

how does having sudo protect against a hacker knowing you have a root account?

From the Wiki:

and? if a hacker is able to get into your box as root using a brute force attack, they are going to be able to do that whether you have sudo or not, aren't they? unless some functionality was added to sudo that i don't know about, it doesn't protect you from a brute force attack against root, does it?

The root account is not enabled in Ubuntu by default.
There is no root account.
You cannot log in as root.
If you know the sudo password and try to log in with the username root and the sudo password, you will not be able to do so.

So someone trying to "brute force" in would have to know two things--your username and your password (and not only your username, but on a multi-user computer, which one has access to sudo privileges).

In a typical root model (every other Linux distribution), there is always a user named root who can log in. Everyone knows this user exists and that root can do anything on the computer--thus only the root password is in need of figuring out.

i see, thanks for explaining that. i thought once the root password was cracked, that was it whether you have sudo or not.

a lot of services often don't allow root login (ssh, ftp, etc., or can be configured that way), so it also seemed to me that it might be easier to try cracking a box using random common user names, which i have heard people try to do. or you also see a lot of screenshots with usernames, or even someone just walking past your PC might see the username, etc. in that case, by using sudo you have added X amount of accounts with root privileges, depending on how many users are on the computer who have sudo. so theoretically that is more opportunities for root privileges to get cracked, if you see what i'm saying.

i still am not sold on the idea that username + password with sudo is automatically more secure, but i can see how it might be more of a challenge if you don't have the username. it seems kind of like "security through obscurity" though, if you think about it. i guess at the fundamental level, all security is through obscurity in that sense.

thx

Well, every security model has pros and cons.
The http://wiki.ubuntu.com/RootSudo entry on sudo is pretty evenhanded about those pros and cons. It doesn't make it sound as if a root model is death to security, and it doesn't put sudo on a pedestal.