Independently and in collaboration with Paul Tyson, I have now set up or assisted in the setup of ten Linux machines for others (eight of whom were converted from M$ (and none of those has complained!)).
One security feature in Ubuntu that I'm not too keen on is the disabling of the root account: this is done during the Ubuntu installation process by setting a random and undisclosed root password. This is certainly an improvement on early Ubuntu releases, where the root password was left blank and it was therefore possible to cruise serenely into a root shell by selecting the "recovery console" boot option. Nevertheless, it ignores one very fruitful avenue whereby the inexpert user can trash his system. One of my converts (no names, no pack-drill) decided to change his password. And then he instantly forgot it. He was the only administrative user on the system. I hadn't set the root password. (Luckily, he used his machine only for web access, so a reinstall was not too traumatic.) Now, whenever I install a system for someone else, I set a really unmemorable password for root, write it down, give it to them, and instruct them to file the paper copy somewhere inaccessible and never use it unless instructed. Criticisms of this approach are welcome. Regards to all, CPKS -- Next meeting: Bournemouth, Tuesday 2012-03-06 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread on mailing list: mailto:dorset@mailman.lug.org.uk How to Report Bugs Effectively: http://goo.gl/4Xue
