Re: [SLUG] Lindows experience.
quote who=Sridhar Dhanapalan Absolutely not. Have a look at /etc/sudoers to see the configuration. In warty, it gave full sudo access to the initial user created. In hoary, it gives full sudo access to members of the admin group (which the initial user is a member of). Is it a good idea to give *full* sudo access to the initial user by default? This sounds like a security problem to me. If you didn't give it to someone, no one could administer the computer (or bring up network connections, or upgrade the software, etc). :-) - Jeff -- EuroOSCON: October 17th-20thhttp://conferences.oreillynet.com/eurooscon/ http://www.illusionary.com/GNOMEvKDE.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Lindows experience.
quote who=Matt Hope

> Personally, I set up libpam-devperm instead - this changes the ownerships of specified devices (for example, the sound devices like /dev/dsp) to the user who is logging in. In my experience, this has been easier than adding extra users to a handful of groups. I'd strongly recommend Ubuntu consider following this path - I can't see any cases where a user should be able to log in at a graphical terminal, but not allowed to use sound, or the cdrom.

Until very recently, access granted by those permissions could not be revoked from running processes, resulting in a big ugly security hole. I believe that problem is solved now, so at some stage we could transition to a better model, however there is still the issue of identifying local users (which RH do with consolehelper stuff, but there are various arguments for disliking it).

- Jeff

--
EuroOSCON: October 17th-20th http://conferences.oreillynet.com/eurooscon/
Science helps a lot, but people built perfectly good brick walls long before they knew why cement works. - Alan Cox
Re: [SLUG] Lindows experience.
On 8/17/05, Alan L Tyree [EMAIL PROTECTED] wrote:

> In fact, it seems to me that later users have (by default) too few privileges, at least for use in a home environment. I'm not saying that is wrong, but in a home environment you probably want to allow secondary users to use the CD, connect to the Internet, audio devices, etc. The default new user has none of these rights. Dead easy to add them through the graphical user/group controls though.

Personally, I set up libpam-devperm instead - this changes the ownerships of specified devices (for example, the sound devices like /dev/dsp) to the user who is logging in. In my experience, this has been easier than adding extra users to a handful of groups. I'd strongly recommend Ubuntu consider following this path - I can't see any cases where a user should be able to log in at a graphical terminal, but not allowed to use sound, or the cdrom.

- Matt.
Re: [SLUG] Lindows experience.
On Wed, 17 Aug 2005 11:56, Jeff Waugh [EMAIL PROTECTED] wrote: quote who=Sridhar Dhanapalan Also, are there any security implications of this? Doesn't it mean that in a default setup, any local user can gain root access? Please correct me if I'm wrong. Absolutely not. Have a look at /etc/sudoers to see the configuration. In warty, it gave full sudo access to the initial user created. In hoary, it gives full sudo access to members of the admin group (which the initial user is a member of). Is it a good idea to give *full* sudo access to the initial user by default? This sounds like a security problem to me. -- Sridhar Dhanapalan [Yama | http://www.pclinuxonline.com/] {GnuPG/OpenPGP: http://dhanapalan.webhop.net/yama.asc 0x049D38B4 : A7A9 8A02 78CB AB1B FCE4 EEC6 2DD9 249B 049D 38B4} You have no idea the evil we do on a regular basis. ... The worst type of criminals don't carry a gun, they take your money legally. -- Anonymous MCI Worldcom employee, June 2002 -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Lindows experience.
Sridhar Dhanapalan wrote: Is it a good idea to give *full* sudo access to the initial user by default? This sounds like a security problem to me. Yes, if you want your distro to be useful to the average Tom, Dick Mary on the street. -- Terry Collins {:-)}}} email: terryc at woa.com.au www: http://www.woa.com.au Wombat Outdoor Adventures Bicycles, Computers, GIS, Printing, Publishing People without trees are like fish without clean water -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Lindows experience.
quote who=Sridhar Dhanapalan I think that's what I did on my system. I was unaware that Ubuntu is reliant upon sudo instead of su, and I thought that my root password was set to be the same as my user password. To change it, I used 'sudo passwd root', which of course removed the sudo functionality and reverted my system to a more traditional su setup. Note that it didn't remove the sudo functionality, you've just set a root password, which unlocks the root account. I recommend using sudo all the time regardless of the status of your root account - but given that setup, it makes sense to relock your root account. Is the sudo-type setup employed by Ubuntu the same as that used in Mac OS X? Very similar, yes. Also, are there any security implications of this? Doesn't it mean that in a default setup, any local user can gain root access? Please correct me if I'm wrong. Absolutely not. Have a look at /etc/sudoers to see the configuration. In warty, it gave full sudo access to the initial user created. In hoary, it gives full sudo access to members of the admin group (which the initial user is a member of). There is a FAQ about using sudo on the Ubuntu site (disconnected atm, so can't give you the URL), which discusses some of the security issues. It comes down to the fact that using sudo is highly recommended generally, we've just chosen to make that the default configuration. - Jeff -- linux.conf.au 2006: Dunedin, New Zealand http://linux.conf.au/ I look forward to someday putting foo-colored ribbons on my homepage declaring 'port 25 is for spam', and 'just say no to the Spam Message Transmission Protocol!' - Raph Levien -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
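The two things Jeff points at in the message above, who /etc/sudoers grants full access to and whether the root account is locked, can be checked mechanically. The following Python is an added example, not code from the thread or from Ubuntu; the sudoers, group and shadow contents, the user names alice, bob, carol and dave, and the hashes are constructed samples, and the parser does not expand aliases, evaluate host lists or follow #include files.

```python
import re

# Constructed sample files (not from the thread). User names and hashes are made up.
SUDOERS_WARTY = """\
# warty-style: the initial user is named directly
Defaults env_reset
root  ALL=(ALL) ALL
alice ALL=(ALL) ALL
"""
SUDOERS_HOARY = """\
# hoary-style: the grant goes to the admin group
Defaults env_reset
root   ALL=(ALL) ALL
%admin ALL=(ALL) ALL
"""
GROUP = """\
root:x:0:
audio:x:29:alice,bob
admin:x:112:alice
"""
SHADOW_LOCKED = """\
root:!:12980:0:99999:7:::
alice:$1$made$up:12980:0:99999:7:::
"""
# The same file after someone runs `sudo passwd root`: root now has a real hash.
SHADOW_UNLOCKED = SHADOW_LOCKED.replace("root:!:", "root:$1$made$up:")

# Rule shape: who host = (runas) commands; the (runas) part is optional.
RULE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
NOT_RULES = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")


def full_sudo_principals(sudoers_text):
    """Return the users and %groups whose rule allows every command (ALL)."""
    joined = sudoers_text.replace("\\\n", " ")  # honour line continuations
    found = []
    for raw in joined.splitlines():
        line = raw.strip()
        # Comment lines (including #include directives) and settings are skipped.
        if not line or line.startswith("#") or line.startswith(NOT_RULES):
            continue
        match = RULE.match(line)
        if not match:
            continue
        who, _host, commands = match.groups()
        commands = re.sub(r"\b[A-Z_]+:\s*", "", commands)  # drop tags like NOPASSWD:
        if "ALL" in [c.strip() for c in commands.split(",")]:
            found.extend(w for w in who.split(",") if w)
    return found


def group_members(group_text, name):
    """Members listed for a group in /etc/group (primary-group users are not seen)."""
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[0] == name:
            return {user for user in fields[3].split(",") if user}
    return set()


def users_with_full_sudo(sudoers_text, group_text):
    """Expand %group grants to user names; root's own rule is left out."""
    users = set()
    for who in full_sudo_principals(sudoers_text):
        if who.startswith("%"):
            users |= group_members(group_text, who[1:])
        else:
            users.add(who)
    return users - {"root"}


def root_locked(shadow_text):
    """True if root's password field starts with '!' or '*', so no password matches."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if fields[0] == "root" and len(fields) > 1:
            return fields[1].startswith(("!", "*"))
    raise ValueError("no root entry in shadow data")


if __name__ == "__main__":
    for release, sudoers in (("warty", SUDOERS_WARTY), ("hoary", SUDOERS_HOARY)):
        print(release, "full sudo:", sorted(users_with_full_sudo(sudoers, GROUP)))
    print("root locked by default:", root_locked(SHADOW_LOCKED))
    print("root locked after passwd root:", root_locked(SHADOW_UNLOCKED))
```

In both sample layouts only the first user ends up with full sudo, and bob, who is only in the audio group, does not. On a real system the same functions can be fed the contents of /etc/sudoers, /etc/group and /etc/shadow, which need root to read.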
Re: [SLUG] Lindows experience.
On Tue, Aug 16, 2005 at 08:21:27AM +1000, Paul Trevethan wrote:

> > > While I believe that Lindow^H^H^Hspire is a wart on the face of free software, I was shocked to see Ubuntu seemingly taking the same path. Am I missing something?
> >
> > Yep - the difference between running every process as root and secure access to administrative functionality via sudo. :-)

It's still kind of risky to have a normal user running with unrestricted sudo rights, not as risky as running everything as root. Malicious software that has taken over the user's account can usually find a way to trick them into entering their password, especially when they are in the habit of entering it at various times anyhow. It's nice to have root as a DIFFERENT password because it provides a warning flag to the user.

> Also, is it not true that Ubuntu's action with regard super user rights only applies to the first user created during install. All subsequent users created do not display these sudo traits and behave as a normally restricted user on any other Linux (apart from Lindows). So, on install create a user called lord or such. Then when installed, create all the other standard users you require.

Yes, this is a sensible idea, isolate the danger as much as possible. Probably most ubuntu users don't understand they should do this, then again, in a desktop-oriented operating system security is typically going to be a bit more lax than in a server-oriented system.

> My view is that Lindows, in its attempt to be so much like Windows to supposedly make it easier for 'crossover', has in fact become so much like it to include its security vulnerability. Why not stay with Windows?

Price... freedom... attitude...

I think it is an excellent thing to have a Linux distro that has the stated purpose of being as similar to Microsoft as possible. I wouldn't use it myself but I fully encourage anyone else to use it if (and only if) their main criteria for measuring technological progress is comparing things to Microsoft. For example, each and every time someone does a review of Debian or RedHat and comes to the conclusion "It's not like Microsoft", the reply should always be a resounding, "You should be using Linspire, go review that instead." This leaves the rest of the Linux community to go and do things that are not identical to Microsoft.

- Tel
Re: [SLUG] Lindows experience.
quote who=[EMAIL PROTECTED] Probably most ubuntu users don't understand they should do this, then again, in a desktop-oriented operating system security is typically going to be a bit more lax than in a server-oriented system. The same setup is used in Ubuntu whether you install it as a desktop or a server. From my POV, using sudo is a no-brainer for a server too, though locking root feels (only) slightly less sensible. - Jeff -- GNOME Summit: October 8th-10th http://live.gnome.org/Boston2005 o/~ we all live in a yellow subroutine o/~ - auspex -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Lindows experience.
On Tue, 16 Aug 2005 01:34, Steven Tucker [EMAIL PROTECTED] wrote:

> Sudo rocks, Ubuntu rocks! Root does exist, if you want the traditional method of using root, just activate root by doing sudo passwd root when you create a password then you can log in as root, if you then disable sudo, you are back to the traditional set up! I quite like the way Ubuntu has used sudo, but if you don't like it, it takes seconds to change!

I think that's what I did on my system. I was unaware that Ubuntu is reliant upon sudo instead of su, and I thought that my root password was set to be the same as my user password. To change it, I used 'sudo passwd root', which of course removed the sudo functionality and reverted my system to a more traditional su setup.

Is the sudo-type setup employed by Ubuntu the same as that used in Mac OS X?

Also, are there any security implications of this? Doesn't it mean that in a default setup, any local user can gain root access? Please correct me if I'm wrong.

--
Sridhar Dhanapalan [Yama | http://www.pclinuxonline.com/]
{GnuPG/OpenPGP: http://dhanapalan.webhop.net/yama.asc 0x049D38B4 : A7A9 8A02 78CB AB1B FCE4 EEC6 2DD9 249B 049D 38B4}
FYI, XP doesn't stand for eXPerience. It's just an emoticon.
[SLUG] Lindows experience.
I am a lindows - now linspire - user at home for the family (they also use a Mac Mini with OSX) and gentoo at work and have used Mandrake historically. I have installed and used ubuntu for only a short time on an x86 and a little longer on a PowerBook. Linspire is by far the most user friendly Linux system and this is assisted by its simple install, user interface and the CNR installation software. I would highly recommend it for cross over users from Windows or MAC and non technical users. Also the default is to have a single user as root but this however can be simply altered by creating a non root user and you get back all the benefits of linux security etc. My home system just auto logs in and the family have no idea that they are not root. Applications installed by CNR are installed to a share directory for all to use but user data is stored in an appropriate home directory.

--
Yours Sincerely,
Al Steel.
Re: [SLUG] Lindows experience.
On Tue, 16 Aug 2005 22:56:25 +1000 Sridhar Dhanapalan [EMAIL PROTECTED] wrote: SNIP Is the sudo-type setup employed by Ubuntu the same as that used in Mac OS X? Also, are there any security implications of this? Doesn't it mean that in a default setup, any local user can gain root access? Please correct me if I'm wrong. I think that it is wrong. The first user created during installation has sudo privileges. Users created later do not. In fact, it seems to me that later users have (by default) too few privileges, at least for use in a home environment. I'm not saying that is wrong, but in a home environment you probably want to allow secondary users to use the CD, connect to the Internet, audio devices, etc. The default new user has none of these rights. Dead easy to add them through the graphical user/group controls though. Alan -- Sridhar Dhanapalan [Yama | http://www.pclinuxonline.com/] {GnuPG/OpenPGP: http://dhanapalan.webhop.net/yama.asc 0x049D38B4 : A7A9 8A02 78CB AB1B FCE4 EEC6 2DD9 249B 049D 38B4} FYI, XP doesn't stand for eXPerience. It's just an emoticon. -- Alan L Tyreehttp://www2.austlii.edu.au/~alan Tel: +61 2 4782 2670Mobile: +61 428 148 071 Fax: +61 2 4782 7092FWD: 615662 -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Lindows experience.
quote who=Bill Bennett I've been given a copy of Lindows4.5 by someone who is (was) rather chary of it---the Lindows, not the version. Has anyone had any experience with Lindows that they'd care to communicate? Good/bad/indifferent will do. Lindows will run your user session as root by default. This is a hideously bad thing to do, because it makes your entire system as vulnerable to attack as Win9x or Windows 2k/NT/XP (when running as Administrator, which seems to be very common). I fear that Linspire will make Linux look terrible. Because of this, I have a hard time recommending it to anyone, regardless of any additional eyecandy or features they provide. It's just not cricket. - Jeff (who works on Ubuntu, which may reflect some element of bias) -- EuroOSCON: October 17th-20thhttp://conferences.oreillynet.com/eurooscon/ Man, is there some worldwide consipiracy to supply me with doctored dictionaries or something? - Adrian van den Dries -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Lindows experience.
Check out the Mepis and Ubuntu live CDs. (Especially Ubuntu.)

My Dad stayed over at my place last night, and without any instruction from myself happily found his way into card games and various applications on my PC. (I'm running Ubuntu Hoary Hedgehog at home.)

Ubuntu has a lovely interface configuration/design. I can't recommend it highly enough, and it has become the distribution I'd foremost recommend for client machines. My only concern would be that some functionality does require some user intervention and know-how. (There is an unofficial web-page that I find very helpful - may be off-putting to a novice though. Sorry I can't remember the address off the top of my head.)

> - Jeff (who works on Ubuntu, which may reflect some element of bias)

Hey - Gotta love any organisation that'll give away a nice debian-based distro on CDs at their expense.

Regards,
Michael Kraus
Software Developer
[EMAIL PROTECTED]
Direct Line 02 8306 0007
Wild Technology Pty Ltd, ABN 98 091 470 692
Sales - Ground Floor, 265/8 Lachlan Street, Waterloo NSW 2017
Admin - Level 4 Tiara, 306/9 Crystal Street, Waterloo NSW 2017
Telephone 1300-13-9453 | Facsimile 1300-88-9453
http://www.wildtechnology.net
Re: [SLUG] Lindows experience.
On Mon, 15 Aug 2005 17:13:55 +1000 Michael Kraus [EMAIL PROTECTED] wrote:

SNIP

> Ubuntu has a lovely interface configuration/design. I can't recommend it highly enough, and it has become the distribution I'd foremost recommend for client machines. My only concern would be that some functionality does require some user intervention and know-how. (There is an unofficial web-page that I find very helpful - may be off-putting to a novice though. Sorry I can't remember the address off the top of my head.)

http://www.ubuntuguide.org/

Couldn't agree more about Ubuntu. I helped a friend of mine in Columbus Ohio switch from Windows to Ubuntu. He got it kick-started, we installed Skype and the rest was talk and some VNC work from me. Very neat. He is certainly no guru, but has taken to Ubuntu and now feels quite at home.

Alan

> > - Jeff (who works on Ubuntu, which may reflect some element of bias)
>
> Hey - Gotta love any organisation that'll give away a nice debian-based distro on CDs at their expense.
>
> Regards,
> Michael Kraus

--
Alan L Tyree http://www2.austlii.edu.au/~alan
Tel: +61 2 4782 2670 Mobile: +61 428 148 071
Fax: +61 2 4782 7092 FWD: 615662
Re: [SLUG] Lindows experience.
On Mon, 15 Aug 2005 17:04, Jeff Waugh [EMAIL PROTECTED] wrote:

> Lindows will run your user session as root by default. This is a hideously bad thing to do, because it makes your entire system as vulnerable to attack as Win9x or Windows 2k/NT/XP (when running as Administrator, which seems to be very common). I fear that Linspire will make Linux look terrible.

I installed Hoary a little while ago, and I was surprised to find that:

1. the installer didn't ask me to define a root password
2. once installed, I discovered that the root password was the same as the password of the user I had created in the installation
3. the user I had created in the installation was able to change system settings that can normally only be changed as root
4. I could open a root terminal without typing a password

To fix the last two points I had to manually turn off "Executing system administration tasks" in Users and Groups.

While I believe that Lindow^H^H^Hspire is a wart on the face of free software, I was shocked to see Ubuntu seemingly taking the same path. Am I missing something?

Disclaimer: I am an admin with the PCLinuxOS project, but I really like Ubuntu as well.

--
Sridhar Dhanapalan [Yama | http://www.pclinuxonline.com/]
{GnuPG/OpenPGP: http://dhanapalan.webhop.net/yama.asc 0x049D38B4 : A7A9 8A02 78CB AB1B FCE4 EEC6 2DD9 249B 049D 38B4}
Spyware creators have been taking advantage of gaping holes in IE's security model, allowing them to install NT services and OS extensions through the IE auto-install functionality. This is the primary reason I use FireFox rather than IE; I don't care about things like tabbed browsing so much, but I do like to know that my web browser does not have permission to modify the OS. -- Microsoft Channel9 Wiki, July 2004
Re: [SLUG] Lindows experience.
Sridhar Dhanapalan wrote: On Mon, 15 Aug 2005 17:04, Jeff Waugh [EMAIL PROTECTED] wrote: Lindows will run your user session as root by default. This is a hideously bad thing to do, because it makes your entire system as vulnerable to attack as Win9x or Windows 2k/NT/XP (when running as Administrator, which seems to be very common). I fear that Linspire will make Linux look terrible. I installed Hoary a little while ago, and I was surprised to find that: 1. the installer didn't ask me to define a root password 2. once installed, I discovered that the root password was the same as the password of the user I had created in the installation 3. the user I had created in the installation was able to change system settings that can normally only be changed as root 4. I could open a root terminal without typing a password To fix the last two points I had to manually turn off Executing system administration tasks in Users and Groups. While I believe that Lindow^H^H^Hspire is a wart on the face of free software, I was shocked to see Ubuntu seemingly taking the same path. Am I missing something? My ubuntu (Hoary) has root disabled, all root access is via sudo, including root terminal. This would account for the same password as root password. Potentially after a fresh logon opening a root terminal would not need to ask password (???). But then I also upgraded from warty to hoary Fil -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Lindows experience.
quote who=Sridhar Dhanapalan 1. the installer didn't ask me to define a root password Yep, the root account is disabled. 2. once installed, I discovered that the root password was the same as the password of the user I had created in the installation Nup, there is no root password - it's locked. You must've been using sudo. 3. the user I had created in the installation was able to change system settings that can normally only be changed as root Only when you authenticate again via sudo. 4. I could open a root terminal without typing a password The only time you can get to a root terminal without typing a password is when you boot in recovery mode - sulogin drops you directly to a root prompt (if an attacker has sufficient physical access to your system to reboot and select the recovery mode boot choice, then your system is owned already). To fix the last two points I had to manually turn off Executing system administration tasks in Users and Groups. That actually means you've disabled sudo access for your user, which you'll have to recover by booting in recovery mode. While I believe that Lindow^H^H^Hspire is a wart on the face of free software, I was shocked to see Ubuntu seemingly taking the same path. Am I missing something? Yep - the difference between running every process as root and secure access to administrative functionality via sudo. :-) - Jeff -- EuroOSCON: October 17th-20thhttp://conferences.oreillynet.com/eurooscon/ I guess there's part of me that's always resented it... to be an actor, you have to have someone else say yes to you. - Edward Norton -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Lindows experience.
Well put Jeff,

Sudo rocks, Ubuntu rocks! Root does exist, if you want the traditional method of using root, just activate root by doing sudo passwd root when you create a password then you can log in as root, if you then disable sudo, you are back to the traditional set up! I quite like the way Ubuntu has used sudo, but if you don't like it, it takes seconds to change!

Gotta admit I am back using debian on my server, debian for a server any day! Ubuntu for a desktop every day!

my 2c
tuxta2

--- Jeff Waugh [EMAIL PROTECTED] wrote:

> quote who=Sridhar Dhanapalan
>
> > 1. the installer didn't ask me to define a root password
>
> Yep, the root account is disabled.
>
> > 2. once installed, I discovered that the root password was the same as the password of the user I had created in the installation
>
> Nup, there is no root password - it's locked. You must've been using sudo.
>
> > 3. the user I had created in the installation was able to change system settings that can normally only be changed as root
>
> Only when you authenticate again via sudo.
>
> > 4. I could open a root terminal without typing a password
>
> The only time you can get to a root terminal without typing a password is when you boot in recovery mode - sulogin drops you directly to a root prompt (if an attacker has sufficient physical access to your system to reboot and select the recovery mode boot choice, then your system is owned already).
>
> > To fix the last two points I had to manually turn off "Executing system administration tasks" in Users and Groups.
>
> That actually means you've disabled sudo access for your user, which you'll have to recover by booting in recovery mode.
>
> > While I believe that Lindow^H^H^Hspire is a wart on the face of free software, I was shocked to see Ubuntu seemingly taking the same path. Am I missing something?
>
> Yep - the difference between running every process as root and secure access to administrative functionality via sudo. :-)
>
> - Jeff
>
> --
> EuroOSCON: October 17th-20th http://conferences.oreillynet.com/eurooscon/
> I guess there's part of me that's always resented it... to be an actor, you have to have someone else say yes to you. - Edward Norton
Re: [SLUG] Lindows experience.
On Mon, 15 Aug 2005 21:38:50 +1000 Jeff Waugh [EMAIL PROTECTED] wrote: quote who=Sridhar Dhanapalan 1. the installer didn't ask me to define a root password Yep, the root account is disabled. 2. once installed, I discovered that the root password was the same as the password of the user I had created in the installation Nup, there is no root password - it's locked. You must've been using sudo. 3. the user I had created in the installation was able to change system settings that can normally only be changed as root Only when you authenticate again via sudo. 4. I could open a root terminal without typing a password The only time you can get to a root terminal without typing a password is when you boot in recovery mode - sulogin drops you directly to a root prompt (if an attacker has sufficient physical access to your system to reboot and select the recovery mode boot choice, then your system is owned already). To fix the last two points I had to manually turn off Executing system administration tasks in Users and Groups. That actually means you've disabled sudo access for your user, which you'll have to recover by booting in recovery mode. While I believe that Lindow^H^H^Hspire is a wart on the face of free software, I was shocked to see Ubuntu seemingly taking the same path. Am I missing something? Yep - the difference between running every process as root and secure access to administrative functionality via sudo. :-) Also, is it not true that Ubuntu's action with regard super user rights only applies to the first user created during install. All subsequent users created do not display these sudo traits and behave as a normally restricted user on any other Linux (apart from Lindows). So, on install create a user called lord or such. Then when installed, create all the other standard users you require. In SuSE, for example, you type in 'sux' at command prompt, with root password, to become super user - Ubuntu uses the sudo method - it's just a different approach. 
My view is that Lindows, in its attempt to be so much like Windows to supposedly make it easier for 'crossover', has in fact become so much like it to include its security vulnerability. Why not stay with Windows? What I like about Ubuntu is that it cost me nothing, zip, zilch, not a dime; I can do everything I did under Windows (after a bit of re-education) and I can make it look real nice but nothing at all like Windows. Oh yeah, and Windows viruses and spyware and bugs bugs bugs are no longer an issue. Sorry to become advocate like - to answer the original thread question, Lindows is the one Linux I would never use! Paul. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Lindows experience.
I am a lindows - now linspire - user at home for the family (they also use a Mac Mini with OSX) and gentoo at work and have used Mandrake historically. I have installed and used ubuntu for only a short time on an x86 and a little longer on a PowerBook. Linspire is by far the most user friendly Linux system and this is assisted by its simple install, user interface and the CNR installation software. I would highly recommend it for cross over users from Windows or MAC and non technical users. Also the default is to have a single user as root but this however can be simply altered by creating a non root user and you get back all the benefits of linux security etc. My home system just auto logs in and the family have no idea that they are not root. Applications installed by CNR are installed to a share directory for all to use but user data is stored in an appropriate home directory.

Al Steel.
[SLUG] Lindows experience.
I've been given a copy of Lindows4.5 by someone who is (was) rather chary of it---the Lindows, not the version. Has anyone had any experience with Lindows that they'd care to communicate? Good/bad/indifferent will do. Regards, Bill Bennett. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html