Re: [SLUG] Lindows experience.

2005-08-21 Thread Jeff Waugh
quote who=Sridhar Dhanapalan

  Absolutely not. Have a look at /etc/sudoers to see the configuration. In
  warty, it gave full sudo access to the initial user created. In hoary,
  it gives full sudo access to members of the admin group (which the
  initial user is a member of).
 
 Is it a good idea to give *full* sudo access to the initial user by
 default? This sounds like a security problem to me.

If you didn't give it to someone, no one could administer the computer (or
bring up network connections, or upgrade the software, etc). :-)

- Jeff

-- 
EuroOSCON: October 17th-20th    http://conferences.oreillynet.com/eurooscon/
 
 http://www.illusionary.com/GNOMEvKDE.html
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Lindows experience.

2005-08-21 Thread Jeff Waugh
quote who=Matt Hope

 Personally, I setup libpam-devperm instead - this changes the ownerships
 of specified devices (for example, the sound devices like /dev/dsp) to the
 user who is logging in.
 
 In my experience, this has been easier than adding extra users to a handful
 of groups.
 
 I'd strongly recommend Ubuntu consider following this path - I can't see
 any cases where a user should be able to log in at a graphical terminal,
 but not allowed to use sound, or the cdrom.

Until very recently, access granted by those permissions could not be
revoked from running processes, resulting in a big ugly security hole. I
believe that problem is solved now, so at some stage we could transition to
a better model, however there is still the issue of identifying local
users (which RH do with consolehelper stuff, but there are various arguments
for disliking it).

- Jeff

-- 
EuroOSCON: October 17th-20th    http://conferences.oreillynet.com/eurooscon/
 
   Science helps a lot, but people built perfectly good brick walls long
   before they knew why cement works. - Alan Cox


Re: [SLUG] Lindows experience.

2005-08-20 Thread Matt Hope
On 8/17/05, Alan L Tyree [EMAIL PROTECTED] wrote:

 In fact, it seems to me
 that later users have (by default) too few privileges, at least for use
 in a home environment. I'm not saying that is wrong, but in a home
 environment you probably want to allow secondary users to use the CD,
 connect to the Internet, audio devices, etc. The default new user has
 none of these rights. Dead easy to add them through the graphical
 user/group controls though.

Personally, I setup libpam-devperm instead - this changes the
ownerships of specified devices (for example, the sound devices like
/dev/dsp) to the user who is logging in.

In my experience, this has been easier than adding extra users to a
handful of groups.

I'd strongly recommend Ubuntu consider following this path - I can't
see any cases where a user should be able to log in at a graphical
terminal, but not allowed to use sound, or the cdrom.

 - Matt.


Re: [SLUG] Lindows experience.

2005-08-20 Thread Sridhar Dhanapalan
On Wed, 17 Aug 2005 11:56, Jeff Waugh [EMAIL PROTECTED] wrote:
 quote who=Sridhar Dhanapalan
  Also, are there any security implications of this? Doesn't it mean that
  in a default setup, any local user can gain root access? Please correct
  me if I'm wrong.

 Absolutely not. Have a look at /etc/sudoers to see the configuration. In
 warty, it gave full sudo access to the initial user created. In hoary, it
 gives full sudo access to members of the admin group (which the initial
 user is a member of).

Is it a good idea to give *full* sudo access to the initial user by default? 
This sounds like a security problem to me.

-- 
Sridhar Dhanapalan  [Yama | http://www.pclinuxonline.com/]
  {GnuPG/OpenPGP: http://dhanapalan.webhop.net/yama.asc
   0x049D38B4 : A7A9 8A02 78CB AB1B FCE4 EEC6 2DD9 249B 049D 38B4}

You have no idea the evil we do on a regular basis. ... The worst type of 
criminals don't carry a gun, they take your money legally.
-- Anonymous MCI Worldcom employee, June 2002


Re: [SLUG] Lindows experience.

2005-08-20 Thread Terry Collins

Sridhar Dhanapalan wrote:

Is it a good idea to give *full* sudo access to the initial user by default? 
This sounds like a security problem to me.


Yes, if you want your distro to be useful to the average Tom, Dick &
Mary on the street.

--
   Terry Collins {:-)}}} email: terryc at woa.com.au  www: http://www.woa.com.au
   Wombat Outdoor Adventures Bicycles, Computers, GIS, Printing, Publishing


 People without trees are like fish without clean water


Re: [SLUG] Lindows experience.

2005-08-17 Thread Jeff Waugh
quote who=Sridhar Dhanapalan

 I think that's what I did on my system. I was unaware that Ubuntu is reliant 
 upon sudo instead of su, and I thought that my root password was set to be 
 the same as my user password. To change it, I used 'sudo passwd root', which 
 of course removed the sudo functionality and reverted my system to a more 
 traditional su setup.

Note that it didn't remove the sudo functionality, you've just set a root
password, which unlocks the root account. I recommend using sudo all the
time regardless of the status of your root account - but given that setup,
it makes sense to relock your root account.

 Is the sudo-type setup employed by Ubuntu the same as that used in Mac OS
 X?

Very similar, yes.

 Also, are there any security implications of this? Doesn't it mean that in
 a default setup, any local user can gain root access? Please correct me if
 I'm wrong.

Absolutely not. Have a look at /etc/sudoers to see the configuration. In
warty, it gave full sudo access to the initial user created. In hoary, it
gives full sudo access to members of the admin group (which the initial user
is a member of).

There is a FAQ about using sudo on the Ubuntu site (disconnected atm, so
can't give you the URL), which discusses some of the security issues. It
comes down to the fact that using sudo is highly recommended generally,
we've just chosen to make that the default configuration.

- Jeff

-- 
linux.conf.au 2006: Dunedin, New Zealand   http://linux.conf.au/
 
   I look forward to someday putting foo-colored ribbons on my homepage
   declaring 'port 25 is for spam', and 'just say no to the Spam Message
   Transmission Protocol!' - Raph Levien
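
The two checks Jeff describes above (is the root account locked, and who does /etc/sudoers give full sudo access to), as an added example that is not part of the original thread. The function names, the accounts alice and bob, and all sample file contents are constructed for illustration, and only plain `user` and `%group` sudoers rules are handled.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). All sample data is constructed.

# root_state SHADOW_FILE
# Classify root's password field the way shadow(5) defines it.
root_state() {
    awk -F: '$1 == "root" {
        if ($2 == "")           print "empty"         # no password required
        else if ($2 ~ /^[!*]/)  print "locked"        # no password can match
        else                    print "password-set"  # su and root login work
    }' "$1"
}

# full_sudo_users SUDOERS_FILE GROUP_FILE
# Print, space separated, every account granted "ALL = ... ALL".
# Handles only plain "user" and "%group" rules: no aliases, no includes.
full_sudo_users() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ || $1 == "Defaults" { next }
        {
            who = $1; rule = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", rule)   # drop the user field
            gsub(/[ \t]/, "", rule)
            if (rule ~ /^ALL=(\(ALL(:ALL)?\))?(NOPASSWD:)?ALL$/) print who
        }' "$1" |
    while read -r who; do
        case $who in
            # %group rule: expand to the members listed in the group file
            %*) awk -F: -v g="${who#%}" '$1 == g {
                    n = split($4, m, ",")
                    for (i = 1; i <= n; i++) print m[i]
                }' "$2" ;;
            *)  printf '%s\n' "$who" ;;
        esac
    done | sort -u | paste -sd ' ' -
}

# make_samples DIR
# Write constructed sample files: a hoary-style setup as described in the
# thread (admin group holds sudo; alice is the initial user, bob was added
# later), with root shown before and after "sudo passwd root".
make_samples() {
    cat > "$1/shadow.locked" <<'EOF'
root:!:12990:0:99999:7:::
alice:$1$constructed$notARealHashValue0000:12990:0:99999:7:::
EOF
    cat > "$1/shadow.unlocked" <<'EOF'
root:$1$constructed$notARealHashValue0000:12990:0:99999:7:::
alice:$1$constructed$notARealHashValue0000:12990:0:99999:7:::
EOF
    cat > "$1/sudoers" <<'EOF'
# constructed sample
Defaults    env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
EOF
    cat > "$1/group" <<'EOF'
admin:x:112:alice
audio:x:29:alice,bob
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "as installed:           root is $(root_state "$tmp/shadow.locked")"
echo "after sudo passwd root: root is $(root_state "$tmp/shadow.unlocked")"
echo "full sudo:              $(full_sudo_users "$tmp/sudoers" "$tmp/group")"
rm -rf "$tmp"
```

On a real system the same functions can be pointed at /etc/shadow, /etc/sudoers and /etc/group when run as root; `sudo passwd -l root` relocks the root account after a password has been set.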


Re: [SLUG] Lindows experience.

2005-08-17 Thread telford

On Tue, Aug 16, 2005 at 08:21:27AM +1000, Paul Trevethan wrote:

   While I believe that Lindow^H^H^Hspire is a wart on the face of free
   software, I was shocked to see Ubuntu seemingly taking the same
   path. Am I missing something?
  
  Yep - the difference between running every process as root and secure
  access to administrative functionality via sudo. :-)

It's still kind of risky to have a normal user running with unrestricted
sudo rights, not as risky as running everything as root. Malicious software
that has taken over the user's account can usually find a way to trick them
into entering their password, especially when they are in the habit of
entering it at various times anyhow. It's nice to have root as a DIFFERENT
password because it provides a warning flag to the user.

 Also, is it not true that Ubuntu's action with regard super user rights
 only applies to the first user created during install. All subsequent
 users created do not display these sudo traits and behave as a
 normally restricted user on any other Linux (apart from Lindows).
 
 So, on install create a user called lord or such. Then when
 installed, create all the other standard users you require.

Yes, this is a sensible idea, isolate the danger as much as possible.
Probably most ubuntu users don't understand they should do this,
then again, in a desktop-oriented operating system security is typically
going to be a bit more lax than in a server-oriented system.

 My view is that Lindows, in its attempt to be so much like Windows to
 supposedly make it easier for 'crossover', has in fact become so much
 like it to include its security vulnerability. Why not stay with
 Windows?

Price... freedom... attitude...

I think it is an excellent thing to have a Linux distro that has the stated
purpose of being as similar to Microsoft as possible. I wouldn't use it 
myself but I fully encourage anyone else to use it if (and only if) their
main criteria for measuring technological progress is comparing things to
Microsoft. For example, each and every time someone does a review of Debian
or RedHat and comes to the conclusion "It's not like Microsoft", the reply
should always be a resounding, "You should be using Linspire, go review
that instead". This leaves the rest of the Linux community to go and do
things that are not identical to Microsoft.

- Tel


Re: [SLUG] Lindows experience.

2005-08-17 Thread Jeff Waugh
quote who=[EMAIL PROTECTED]

 Probably most ubuntu users don't understand they should do this, then
 again, in a desktop-oriented operating system security is typically going
 to be a bit more lax than in a server-oriented system.

The same setup is used in Ubuntu whether you install it as a desktop or a
server. From my POV, using sudo is a no-brainer for a server too, though
locking root feels (only) slightly less sensible.

- Jeff

-- 
GNOME Summit: October 8th-10th  http://live.gnome.org/Boston2005
 
o/~ we all live in a yellow subroutine o/~ - auspex


Re: [SLUG] Lindows experience.

2005-08-16 Thread Sridhar Dhanapalan
On Tue, 16 Aug 2005 01:34, Steven Tucker [EMAIL PROTECTED] wrote:
 Sudo rocks, Ubuntu rocks! Root does exist, if you want the traditional
 method of using root, just activate root by doing

  sudo passwd root

 when you create a password then you can log in as root, if you then
 disable sudo, you are back to the traditional set up! I quite like the
 way Ubuntu has used sudo, but if you don't like it, it takes seconds to
 change!

I think that's what I did on my system. I was unaware that Ubuntu is reliant 
upon sudo instead of su, and I thought that my root password was set to be 
the same as my user password. To change it, I used 'sudo passwd root', which 
of course removed the sudo functionality and reverted my system to a more 
traditional su setup.

Is the sudo-type setup employed by Ubuntu the same as that used in Mac OS X? 
Also, are there any security implications of this? Doesn't it mean that in a 
default setup, any local user can gain root access? Please correct me if I'm 
wrong.

-- 
Sridhar Dhanapalan  [Yama | http://www.pclinuxonline.com/]
  {GnuPG/OpenPGP: http://dhanapalan.webhop.net/yama.asc
   0x049D38B4 : A7A9 8A02 78CB AB1B FCE4 EEC6 2DD9 249B 049D 38B4}

FYI, XP doesn't stand for eXPerience. It's just an emoticon.



[SLUG] Lindows experience.

2005-08-16 Thread Alastair Steel
I am a lindows - now linspire - user at home for the family (they also
use a Mac Mini with OSX) and gentoo at work and have used Mandrake
historically.

I have installed and used ubuntu for only a short time on an x86 and a
little longer on a PowerBook.

Linspire is by far the most user friendly Linux system and this is
assisted by its simple install, user interface and the CNR installation
software. I would highly recommend it for cross over users from Windows
or MAC and non technical users.

Also the default is to have a single user as root but this however can
be simply altered by creating a non root user and you get back all the
benefits of linux security etc. My home system just auto logs in and
the family have no idea that they are not root. Applications installed
by CNR are installed to a share directory for all to use but user data
is stored in an appropriate home directory.

-- 
Yours Sincerely,
Al Steel.


Re: [SLUG] Lindows experience.

2005-08-16 Thread Alan L Tyree
On Tue, 16 Aug 2005 22:56:25 +1000
Sridhar Dhanapalan [EMAIL PROTECTED] wrote:

SNIP 
 Is the sudo-type setup employed by Ubuntu the same as that used in Mac
 OS X?  Also, are there any security implications of this? Doesn't it
 mean that in a  default setup, any local user can gain root access?
 Please correct me if I'm  wrong.

I think that it is wrong. The first user created during installation has
sudo privileges. Users created later do not. 

In fact, it seems to me
that later users have (by default) too few privileges, at least for use
in a home environment. I'm not saying that is wrong, but in a home
environment you probably want to allow secondary users to use the CD,
connect to the Internet, audio devices, etc. The default new user has
none of these rights. Dead easy to add them through the graphical
user/group controls though.

Alan
 


-- 
Alan L Tyree                    http://www2.austlii.edu.au/~alan
Tel: +61 2 4782 2670            Mobile: +61 428 148 071
Fax: +61 2 4782 7092            FWD: 615662


Re: [SLUG] Lindows experience.

2005-08-15 Thread Jeff Waugh
quote who=Bill Bennett

 I've been given a copy of Lindows4.5 by someone who is (was) rather chary
 of it---the Lindows, not the version.
 
 Has anyone had any experience with Lindows that they'd care to
 communicate? Good/bad/indifferent will do.

Lindows will run your user session as root by default. This is a hideously
bad thing to do, because it makes your entire system as vulnerable to attack
as Win9x or Windows 2k/NT/XP (when running as Administrator, which seems to
be very common). I fear that Linspire will make Linux look terrible.

Because of this, I have a hard time recommending it to anyone, regardless of
any additional eyecandy or features they provide. It's just not cricket.

- Jeff (who works on Ubuntu, which may reflect some element of bias)

-- 
EuroOSCON: October 17th-20th    http://conferences.oreillynet.com/eurooscon/
 
Man, is there some worldwide consipiracy to supply me with doctored
 dictionaries or something? - Adrian van den Dries


Re: [SLUG] Lindows experience.

2005-08-15 Thread Michael Kraus
Check out the Mepis and Ubuntu live CDs.

(Especially Ubuntu.)

My Dad stayed over at my place last night, and without any instruction
from myself happily found his way into card games and various
applications on my PC. (I'm running Ubuntu Hoary Hedgehog at home.)

Ubuntu has a lovely interface configuration/design. I can't recommend it
highly enough, and it has become the distribution I'd foremost recommend
for client machines. My only concern would be that some functionality
does require some user intervention and know-how. (There is an
unofficial web-page that I find very helpful - may be off-putting to a
novice though. Sorry I can't remember the address off the top of my
head.)

 - Jeff (who works on Ubuntu, which may reflect some element of bias)

Hey - Gotta love any organisation that'll give away a nice debian-based
distro on CDs at their expense.


Regards,
Michael Kraus
Software Developer
[EMAIL PROTECTED]
Direct Line 02 8306 0007
 





Wild Technology Pty Ltd , ABN 98 091 470 692
Sales - Ground Floor, 265/8 Lachlan Street, Waterloo NSW 2017
Admin - Level 4 Tiara, 306/9 Crystal Street, Waterloo NSW 2017
Telephone 1300-13-9453 |  Facsimile 1300-88-9453
http://www.wildtechnology.net


Re: [SLUG] Lindows experience.

2005-08-15 Thread Alan L Tyree
On Mon, 15 Aug 2005 17:13:55 +1000
Michael Kraus [EMAIL PROTECTED] wrote:

SNIP
 Ubuntu has a lovely interface configuration/design. I can't recommend
 it highly enough, and it has become the distribution I'd foremost
 recommend for client machines. My only concern would be that some
 functionality does require some user intervention and know-how. (There
 is an unofficial web-page that I find very helpful - may be
 off-putting to a novice though. Sorry I can't remember the address off
 the top of my head.)
 

http://www.ubuntuguide.org/

Couldn't agree more about Ubuntu. I helped a friend of mine in Columbus
Ohio switch from Windows to Ubuntu. He got it kick-started, we installed
Skype and the rest was talk and some VNC work from me. Very neat. He is
certainly no guru, but has taken to Ubuntu and now feels quite at home.

Alan

  - Jeff (who works on Ubuntu, which may reflect some element of bias)
 
 Hey - Gotta love any organisation that'll give away a nice
 debian-based distro on CDs at their expense.
 
 


-- 
Alan L Tyree                    http://www2.austlii.edu.au/~alan
Tel: +61 2 4782 2670            Mobile: +61 428 148 071
Fax: +61 2 4782 7092            FWD: 615662


Re: [SLUG] Lindows experience.

2005-08-15 Thread Sridhar Dhanapalan
On Mon, 15 Aug 2005 17:04, Jeff Waugh [EMAIL PROTECTED] wrote:
 Lindows will run your user session as root by default. This is a hideously
 bad thing to do, because it makes your entire system as vulnerable to
 attack as Win9x or Windows 2k/NT/XP (when running as Administrator, which
 seems to be very common). I fear that Linspire will make Linux look
 terrible.

I installed Hoary a little while ago, and I was surprised to find that:

1. the installer didn't ask me to define a root password
2. once installed, I discovered that the root password was the same as the 
password of the user I had created in the installation
3. the user I had created in the installation was able to change system 
settings that can normally only be changed as root
4. I could open a root terminal without typing a password

To fix the last two points I had to manually turn off Executing system 
administration tasks in Users and Groups.

While I believe that Lindow^H^H^Hspire is a wart on the face of free software, 
I was shocked to see Ubuntu seemingly taking the same path. Am I missing 
something?


Disclaimer: I am an admin with the PCLinuxOS project, but I really like Ubuntu 
as well.

-- 
Sridhar Dhanapalan  [Yama | http://www.pclinuxonline.com/]
  {GnuPG/OpenPGP: http://dhanapalan.webhop.net/yama.asc
   0x049D38B4 : A7A9 8A02 78CB AB1B FCE4 EEC6 2DD9 249B 049D 38B4}

Spyware creators have been taking advantage of gaping holes in IE's security 
model, allowing them to install NT services and OS extensions through the IE 
auto-install functionality. This is the primary reason I use FireFox rather 
than IE; I don't care about things like tabbed browsing so much, but I do 
like to know that my web browser does not have permission to modify the OS.
-- Microsoft Channel9 Wiki, July 2004



Re: [SLUG] Lindows experience.

2005-08-15 Thread Phil Scarratt

Sridhar Dhanapalan wrote:

 On Mon, 15 Aug 2005 17:04, Jeff Waugh [EMAIL PROTECTED] wrote:

  Lindows will run your user session as root by default. This is a hideously
  bad thing to do, because it makes your entire system as vulnerable to
  attack as Win9x or Windows 2k/NT/XP (when running as Administrator, which
  seems to be very common). I fear that Linspire will make Linux look
  terrible.

 I installed Hoary a little while ago, and I was surprised to find that:

 1. the installer didn't ask me to define a root password
 2. once installed, I discovered that the root password was the same as the
 password of the user I had created in the installation
 3. the user I had created in the installation was able to change system
 settings that can normally only be changed as root
 4. I could open a root terminal without typing a password

 To fix the last two points I had to manually turn off Executing system
 administration tasks in Users and Groups.

 While I believe that Lindow^H^H^Hspire is a wart on the face of free software,
 I was shocked to see Ubuntu seemingly taking the same path. Am I missing
 something?

My ubuntu (Hoary) has root disabled, all root access is via sudo, 
including root terminal. This would account for the same password as 
root password. Potentially after a fresh logon opening a root terminal 
would not need to ask password (???). But then I also upgraded from 
warty to hoary


Fil


Re: [SLUG] Lindows experience.

2005-08-15 Thread Jeff Waugh
quote who=Sridhar Dhanapalan

 1. the installer didn't ask me to define a root password

Yep, the root account is disabled.

 2. once installed, I discovered that the root password was the same as the
 password of the user I had created in the installation

Nup, there is no root password - it's locked. You must've been using sudo.

 3. the user I had created in the installation was able to change system 
 settings that can normally only be changed as root

Only when you authenticate again via sudo.

 4. I could open a root terminal without typing a password

The only time you can get to a root terminal without typing a password is
when you boot in recovery mode - sulogin drops you directly to a root prompt
(if an attacker has sufficient physical access to your system to reboot and
select the recovery mode boot choice, then your system is owned already).

 To fix the last two points I had to manually turn off Executing system 
 administration tasks in Users and Groups.

That actually means you've disabled sudo access for your user, which you'll
have to recover by booting in recovery mode.

 While I believe that Lindow^H^H^Hspire is a wart on the face of free
 software, I was shocked to see Ubuntu seemingly taking the same path. Am I
 missing something?

Yep - the difference between running every process as root and secure access
to administrative functionality via sudo. :-)

- Jeff

-- 
EuroOSCON: October 17th-20th    http://conferences.oreillynet.com/eurooscon/
 
 I guess there's part of me that's always resented it... to be an
   actor, you have to have someone else say yes to you. - Edward Norton


Re: [SLUG] Lindows experience.

2005-08-15 Thread Steven Tucker

Well put Jeff,

Sudo rocks, Ubuntu rocks! Root does exist, if you want the traditional
method of using root, just activate root by doing

 sudo passwd root

when you create a password then you can log in as root, if you then
disable sudo, you are back to the traditional set up! I quite like the
way Ubuntu has used sudo, but if you don't like it, it takes seconds to
change!

Gotta admit I am back using debian on my server, debian for a server any
day! Ubuntu for a desktop every day!

my 2c

tuxta2

 --- Jeff Waugh [EMAIL PROTECTED] wrote:

  quote who=Sridhar Dhanapalan

   1. the installer didn't ask me to define a root password

  Yep, the root account is disabled.

   2. once installed, I discovered that the root password was the same as the
   password of the user I had created in the installation

  Nup, there is no root password - it's locked. You must've been using sudo.

   3. the user I had created in the installation was able to change system
   settings that can normally only be changed as root

  Only when you authenticate again via sudo.

   4. I could open a root terminal without typing a password

  The only time you can get to a root terminal without typing a password is
  when you boot in recovery mode - sulogin drops you directly to a root prompt
  (if an attacker has sufficient physical access to your system to reboot and
  select the recovery mode boot choice, then your system is owned already).

   To fix the last two points I had to manually turn off Executing system
   administration tasks in Users and Groups.

  That actually means you've disabled sudo access for your user, which you'll
  have to recover by booting in recovery mode.

   While I believe that Lindow^H^H^Hspire is a wart on the face of free
   software, I was shocked to see Ubuntu seemingly taking the same path. Am I
   missing something?

  Yep - the difference between running every process as root and secure access
  to administrative functionality via sudo. :-)

  - Jeff
  


Re: [SLUG] Lindows experience.

2005-08-15 Thread Paul Trevethan
On Mon, 15 Aug 2005 21:38:50 +1000
Jeff Waugh [EMAIL PROTECTED] wrote:

 quote who=Sridhar Dhanapalan
 
  1. the installer didn't ask me to define a root password
 
 Yep, the root account is disabled.
 
  2. once installed, I discovered that the root password was the same
  as the password of the user I had created in the installation
 
 Nup, there is no root password - it's locked. You must've been using
 sudo.
 
  3. the user I had created in the installation was able to change
  system settings that can normally only be changed as root
 
 Only when you authenticate again via sudo.
 
  4. I could open a root terminal without typing a password
 
 The only time you can get to a root terminal without typing a
 password is when you boot in recovery mode - sulogin drops you
 directly to a root prompt (if an attacker has sufficient physical
 access to your system to reboot and select the recovery mode boot
 choice, then your system is owned already).
 
  To fix the last two points I had to manually turn off Executing
  system administration tasks in Users and Groups.
 
 That actually means you've disabled sudo access for your user, which
 you'll have to recover by booting in recovery mode.
 
  While I believe that Lindow^H^H^Hspire is a wart on the face of free
  software, I was shocked to see Ubuntu seemingly taking the same
  path. Am I missing something?
 
 Yep - the difference between running every process as root and secure
 access to administrative functionality via sudo. :-)
 

Also, is it not true that Ubuntu's action with regard super user rights
only applies to the first user created during install. All subsequent
users created do not display these sudo traits and behave as a
normally restricted user on any other Linux (apart from Lindows).

So, on install create a user called lord or such. Then when
installed, create all the other standard users you require.

In SuSE, for example, you type in 'sux' at command prompt, with root
password, to become super user - Ubuntu uses the sudo method - it's
just a different approach.

My view is that Lindows, in its attempt to be so much like Windows to
supposedly make it easier for 'crossover', has in fact become so much
like it to include its security vulnerability. Why not stay with
Windows? What I like about Ubuntu is that it cost me nothing, zip,
zilch, not a dime; I can do everything I did under Windows (after a bit
of re-education) and I can make it look real nice but nothing at all
like Windows. Oh yeah, and Windows viruses and spyware and bugs bugs
bugs are no longer an issue.

Sorry to become advocate like - to answer the original thread question,
Lindows is the one Linux I would never use!

Paul.


[SLUG] Lindows experience.

2005-08-15 Thread Alastair Steel
I am a lindows - now linspire - user at home for the family (they also
use a Mac Mini with OSX) and gentoo at work and have used Mandrake
historically. 

I have installed and used ubuntu for only a short time on an x86 and a little longer on a PowerBook. 

Linspire is by far the most user friendly Linux system and this is
assisted by its simple install, user interface and the CNR installation
software. I would highly recommend it for cross over users from Windows
or MAC and non technical users. 

Also the default is to have a single user as root but this however can
be simply altered by creating a non root user and you get back all the
benefits of linux security etc. My home system just auto logs in and
the family have no idea that they are not root. Applications installed
by CNR are installed to a share directory for all to use but user data
is stored in an appropriate home directory.

Al Steel.


[SLUG] Lindows experience.

2005-08-14 Thread Bill Bennett
I've been given a copy of Lindows4.5 by someone who is (was) rather
chary of it---the Lindows, not the version.

Has anyone had any experience with Lindows that they'd care to
communicate? Good/bad/indifferent will do.

Regards,

Bill Bennett.