-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, Aug 16, 2005 at 08:21:27AM +1000, Paul Trevethan wrote:
> > > While I believe that Lindow^H^H^Hspire is a wart on the face of free
> > > software, I was shocked to see Ubuntu seemingly taking the same
> > > path. Am I missing something?
> >
> > Yep - the difference between running every process as root and secure
> > access to administrative functionality via sudo. :-)
It's still kind of risky to have a normal user running with unrestricted
sudo rights, not as risky as running everything as root. Malicious software
that has taken over the user's account can usually find a way to trick them
into entering their password, especially when they are in the habit of
entering it at various times anyhow. It's nice to have root as a DIFFERENT
password because it provides a warning flag to the user.
> Also, is it not true that Ubuntu's action with regard super user rights
> only applies to the first user created during install. All subsequent
> users created do not display these "sudo" traits and behave as a
> normally restricted user on any other Linux (apart from Lindows).
>
> So, on install create a user called "lord" or such. Then when
> installed, create all the other "standard" users you require.
Yes, this is a sensible idea, isolate the danger as much as possible.
Probably most ubuntu users don't understand they should do this,
then again, in a desktop-oriented operating system security is typically
going to be a bit more lax than in a server-oriented system.
> My view is that Lindows, in its attempt to be so much like Windows to
> supposedly make it easier for 'crossover', has in fact become so much
> like it to include its security vulnerability. Why not stay with
> Windows?
Price... freedom... attitude...
I think it is an excellent thing to have a Linux distro that has the stated
purpose of being as similar to Microsoft as possible. I wouldn't use it
myself but I fully encourage anyone else to use it if (and only if) their
main criteria for measuring technological progress is comparing things to
Microsoft. For example, each and every time someone does a review of Debian
or RedHat and comes to the conclusion "It's not like Microsoft", the reply
should always be a resounding, "You should be using Linspire, go review
that instead". This leaves the rest of the Linux community to go and do
things that are not identical to Microsoft.
- Tel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iQIVAwUBQwMfCsfOVl0KFTApAQIJiw/9FTfMh0bRImSBV80WinSEs1Lbf5p6/tPA
Rts/lueO3towy49IxcABXbdOZzfFPwDadYRgr4sBwCob880G2wdNJau5hb27WJl0
z5P1dS3hPRUjkNPUPnN9l4Wc5JARhP8EpjW9qt5asdyRMK0xN+mGiVIu3I/cJbkm
1g1L3o+rvmQ95Ld9u63yeDJQyegGvB+GsMQdEIFcQEHdSFMOZXfclzGP7AIcl+Wl
ViUjBkOj6q7Ga2qTVODnV78bvft0q8bSbpgGjksQ/25KVm7PfHQCiyHtGVfpzQBk
+iaG1GsvgqQnaWPmuqY1LTvlXhdkUmr7tjEcGBYjDrL4uvDWYEZUNmKyv1wSiAqP
XJ2BMSnXG2q3wFkdBXgWWOh2+Dk5boTddWKKli0O2IT3cumV+BxLjOzHaBrrLfcD
HGd4uh9rq0GBIR2YHFKfIk0GlupU/usq2/PCHGPCvynhxfg40/6gE53b9d1/wp8k
wSTH9ojWvwZR7vCuVeaYGQaJ0UvSHpob377oJRJWPiq/B1eYXRI6b2jYwRL+Lekq
qtzB65Xk4HMB3lIZnd6XXDQeWquW0WaRrypSeptdd2/kdfVZWEozNR1AVqiMPH31
D6J6ZswYzc60l2f1a8M7047wa0VDsl2BMwkE3YkaSCJlqB2CrTqJDvibszy9VkPA
CFJgogV0d3Y=
=pcJN
-----END PGP SIGNATURE-----
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
