Re: Creation of User profiles at install: msg#00138

On Mon, Oct 30, 2006 at 06:58:03AM -0400, frank claessen wrote:

> Edubuntu asks for one user only and that is an administrative user. For
> security reasons I don;t think this is a good idea.

Why not?  How is this inherently less secure than a root account?

By creating an initial priveleged user, that executes commands via the
sudo command, you have better, fined grain control.  For starters,
anything issued via the sudo command is logged.  Not so for a root
login.  As well, it more directly ties admin privs to a real userid, as
opposed to the nebulous "root" account.  In addition to this, every
external hacker knows that any unix-like box has a "root" account, and
so, it's frequently the subject of brute-force password attacks.
Leaving this account disabled by default eliminates this worry.

There's an entire wiki page documenting all these reasons, at the Ubuntu
site.  You might want to check it out.

> Later on you can
> change the password for the root account while being logged an as the
> user that was created during installation ?!?!!!!

Sure, it's still Linux, and there's nothing to stop a knowlegeble admin
who's used to the old idea of an enabled root account from simply adding
the password.  The idea here is to *ship the OS in a default secure
state*.  There's nothing stopping me from creating users with empty
passwords either.  Or enabling writable anonymous FTP sites.  Or
installing the old rsh style commands.  Nothing *STOPS* you from making
your system *LESS* secure.  That's the admin's choice.

> Unbelievable!!

How so?

> Would like to know what others think about this. I would prefer the way
> of the other distro's

The key phrase in your email is "..other distros...".  Other distros do
it the traditional way.  Ubuntu is doing something new, which has been
proven to be no *less* secure than the old way, and certainly, one
command post install (sudo passwd root) gets you "the old way" that you
seem to like.  Seems like an easy solution to me.

Scott

-- 
Scott L. Balneaves | "Looking beyond the embers of bridges glowing behind us
Systems Department |  To a glimpse of how green it was on the other side..."
Legal Aid Manitoba |    -- Pink Floyd "High Hopes"

<Prev in Thread]	Current Thread	[Next in Thread>

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: CipUX cat-web (first code), Nicolas Pettiaux
Next by Date:	Dual LAN card installation, John Ingleby
Previous by Thread:	Re: Creation of User profiles at install, Gavin McCullagh
Next by Thread:	Re: Creation of User profiles at install, David Trask
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: CipUX cat-web (first code), Nicolas Pettiaux

Next by Date:

Dual LAN card installation, John Ingleby

Previous by Thread:

Re: Creation of User profiles at install, Gavin McCullagh

Next by Thread:

Re: Creation of User profiles at install, David Trask

Indexes:

[Date] [Thread] [Top] [All Lists]

Free Magazines

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe