[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] How To Saga

To: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Subject: Re: [Sheflug] How To Saga
From: John Southern <john [at] xxxxxxxxxxxxxxxxxx>
Date: Thu, 4 Aug 2005 15:13:05 +0100
Delivered-to: shef-lug [at] list.sheflug.org.uk
List-help: <mailto:shef-lug-request [at] list.sheflug.org.uk?subject=help>
List-id: Sheflug <shef-lug.list.sheflug.org.uk>
List-post: <mailto:shef-lug [at] list.sheflug.org.uk>
List-subscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=subscribe>
List-unsubscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=unsubscribe>
Organization: Disorganisation Inc
Reply-to: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Sender: shef-lug-admin [at] xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.8

Hi Ted,

On Thursday 04 August 2005 10:25, Ted Harding wrote:
> I find myself very surprised at Ubuntu for not having a root account!
>
> I'd been thinking of giving Ubuntu a whirl, having heard good things
> of it, but I can't imagine running any unixoid system which doesn't
> have root.
OSX does not have a root account by default and also uses the "sudo" method 
for control.

> I don't see that sudo (pseudo?) solves it. The presence 
> of "root" is deeply embedded in the design of Unix, therefore also
> Linux, and there must be vast arrays of programs that directly
> or indirectly depend on the assumption that root exists.
>
> Alec's experience that after using kdesu he finds that the drive
> has been assigned to a non-existent root is an example of what
> I mean.
>
> I'm also very puzzled as to how it would work.

The idea AFAIK is that you install the system with all its usual user accounts 
and groups and then once everything is set up, you disable the root account 
in the hope that no one will start running everything with superuser 
privileges.
For those that need the root account, they can always set it up, but the vast 
majority of users do not need such a sign on.
I suppose it all depends on who the distribution is for. Admins running a 
server farm - No. Desktop users wanting to write a letter and browse - Yes.

> Who owns "/", for instance?

/ and most of the other standard directories are owned by root. Just because 
you do not have a user called root to log on, doesn't mean they cannot be 
owned by root. The same is true for most Linux distributions which have a 
wide range of users and accounts that you do not log on with such as postfix, 
lp, wwwrun etc.,

> Who's in charge of all those daemons?

Again, that would be root for most of them.

> In a normal Linux, have a look at /etc/passwd and you'll see various
> "users" like "sync", "shutdown", "halt", "operator" as well as "root"
> in the root group, but fundamentally root rules all. And I think it
> is needed.

The following are the default users for a standard Kubuntu install :-
root,daemon,bin,sys,sync,games,man,lp,mail,news,uucp,proxy,www-data,
backup,list,irc,gnats,nobody,postfix,syslog,klog,
firstusername,cupsys,messagebus,fetchmail,hal,saned,sshd

> If I had doen a trial installation of Ubuntu, and discovered that
> there was no root, I think the first thing I'd have done would be
> to create a real root: Edit /etc/passwd (and one or two other files)
> to create a root entry, log in as "root" and set a password, create
> the root home directory /root, set up a root login profile, and then
> carry on as normal.

All depends whether you need it or not.

> And I'm also very puzzled as to why Ubuntu (or any other distribution)
> should think it's a good idea to have no root. What is gained? Surely
> what is lost has to be made good by some complicated tangle of
> work-arounds, with the risk of setting up various Catch-22s within
> this tangle.

Easier for desktop users, admins should be able to read the Ubuntu-wiki page 
and follow the instructions to set up a root account if required.

> Is it perhaps the idea that vapourising root will make Ubuntu more
> "friendly" to folk like Windows users whose minds don't quite grasp
> the idea of a privileged user? (Mind you, if that's the objective,
> then the simple solution is to have just one user, root, though
> you can call it something else, e.g. "alec", if you like!).

No. Would you really run everything as root? The potential for harm and 
accidental errors is great. Would you really just give your users full root 
access so they don't have any permissions problems again?

The first user on a Ubuntu system is by default given full sudo access. In 
effect this means that they can have root privileges when they need it, but 
the majority of the time they cannot do something accidentally wrong. It also 
helps with the logging in /var/log/auth.log where you can always look back to 
see just how you have screwed up.

Other distributions such as Ark completely do away with passwords and root in 
the understanding that they are one user systems not intended to be a server.

Knoppix is similar in that to get to root you can run the rootme script (sudo 
su root)

(K/)Ubuntu states that it helps with the install (removes the three seconds of 
indecision to think up a root password), means you cannot forget the root 
password, makes it fractionally harder for a hacker as they have to guess the 
username and password and not just the password for the known account of 
root.

Unfortunately, with root you have an extra layer of protection if one of your 
administrative accounts is compromised.

Webmin is naturally broken by default installation from universe. You need to 
enable the root login to run this and many LDAP stuff.

In the end it is all about personal preference. On the plus side, Ubuntu 
distros are ridiculously easy to install and will hopefully help a few people 
to try out Linux. I guess every distro has downsides that are a little odd 
for other users (Thinks of SuSE holding out with /media and not /mnt, Debian 
for being just too slow  to update and awkward to install for a new user, 
etc.,)

What would make a distro better? I change distros frequently. This is more 
down to whatever is closest to hand in the CD/DVD pile. Most are very similar 
and to be honest, they tend to blur into each other. I have a few 
applications that I use often, and as a result, dislike not having them 
available.
mpage (print 2 or more pages on one sheet of paper) has no SuSE package, 
although the RedHat version works fine.
Debian as no Rocks'n'Diamonds game (Yeah I know, but my kids like it)
More importantly for me, GNOME does not seem to have a fish server.
(Easy graphical drag-n-drop between to machines on a LAN)
Fedora seems to constantly messup when configuring a three NIC machine and 
port forwarding.
I suffer hours of wrong settings with Apache2 before I remember the 
DocumentRoot settings.
All these mean that no particular distro suits me perfectly. Should I stick to 
one and hope it will improve or is it a good idea to try others?

John
___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.

References:
- RE: [Sheflug] How To Saga
  - From: (Ted Harding)

Prev by Date: Re: [Sheflug] How To Saga
Next by Date: Re: [Sheflug] How To Saga
Previous by thread: Re: [Sheflug] How To Saga
Next by thread: Re: [Sheflug] How To Saga
Index(es):
- Date
- Thread