<quote who="Sridhar Dhanapalan"> > 1. the installer didn't ask me to define a root password
Yep, the root account is disabled. > 2. once installed, I discovered that the root password was the same as the > password of the user I had created in the installation Nup, there is no root password - it's locked. You must've been using sudo. > 3. the user I had created in the installation was able to change system > settings that can normally only be changed as root Only when you authenticate again via sudo. > 4. I could open a root terminal without typing a password The only time you can get to a root terminal without typing a password is when you boot in recovery mode - sulogin drops you directly to a root prompt (if an attacker has sufficient physical access to your system to reboot and select the recovery mode boot choice, then your system is owned already). > To fix the last two points I had to manually turn off "Executing system > administration tasks" in "Users and Groups". That actually means you've disabled sudo access for your user, which you'll have to recover by booting in recovery mode. > While I believe that Lindow^H^H^Hspire is a wart on the face of free > software, I was shocked to see Ubuntu seemingly taking the same path. Am I > missing something? Yep - the difference between running every process as root and secure access to administrative functionality via sudo. :-) - Jeff -- EuroOSCON: October 17th-20th http://conferences.oreillynet.com/eurooscon/ "I guess there's part of me that's always resented it... to be an actor, you have to have someone else say yes to you." - Edward Norton -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
