A strange question, but one that is important to me

Questions about other topics - please check if your question fits better in another category before posting here
Forum rules
Before you post please read this

A strange question, but one that is important to me

Postby sanguinemoon on Tue Mar 20, 2007 6:59 am

I'm considering switching from Mepis to Mint, but there's something I need to know first. I guess a lot of people aren't bothered by this question, but I am. It seems Mint uses sudo like Ubuntu uses (Mepis uses su, something I like) In earlier versions of Ubuntu there was a separate admin password and regular user password, but latter versions the admin and user password are the same. In Mint, is the admin password and the regular user password the same or different. The reason I'm asking is that I don't feel its secure have the same password for admin and your regular user.

My Linux background comes from early (5.x) versions of Redhat, Mandrake 7, followed by SUSE and then Ubuntu, Debian, and Mepis. When I first encountered sudo in Breezy, I was ok with it because there were still separate passwords, but I encountered sudo in Edgy (After running Debian Sid and FreeBSD for a while) and the passwords were same, I just about had a heartattack in died of fright in my chair. So I would like know if Mint has the passwords the same or different, and if the same how is that not insecure? (it seems silly and insecure to login, than use the same password to do admin functions)

I hope my post made some sense and is meant as serious questions/concerns.
User avatar
sanguinemoon
Level 2
Level 2
 
Posts: 77
Joined: Tue Mar 20, 2007 5:08 am

Linux Mint is funded by ads and donations.
 

Postby Husse on Tue Mar 20, 2007 7:56 am

Mint uses sudo just as Ubuntu, but I see no security risk. Unless you follow some, in my eyes stupid, advice you can not log in as root, no way!
If you want a separate password for root this is how:
As default Ubuntu has no password set for the root user. To gain root access you have to type in your own user password. This is the password you set for the first user while installing Ubuntu.
To manually set a password for the root user, type in the following in the shell:
sudo passwd
After that you are asked to type in the new root password twice. Finally, your root user has its own password.
But you still can't log in as root, luckily. However it stops someone with physical access to your computer from accessing "Recovery mode" w/o password.
The following is a comment on logging in as root in Ubuntu found on a forum and almost consensus there:
The Ubuntu developers have gone to great lengths to make sudo as smooth as possible in the GUI environment, and they've done a very good job. By re-enabling the root user and even logging in as root, you literally throw their work out the window, take your safety belt off and drive head-on into traffic. Yes, it is a bit insane..
I also don't see the point of it, disabling the root user and using sudo (which is much more flexible than root login or su) was a step in the right direction. If you want to log in as root all the time, go use Linspire or something.
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19714
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Postby clivesay on Tue Mar 20, 2007 8:16 am

You could do the installation and create the user 'administrator' or something. Then, after the install, login as adminitrator, create the users you want, then login as the new user. As the other poster said, the password of the first user is the sudo password.

Sure there are multiple ways to do this. I've used Mepis for a long time but I really am enjoying Mint.
clivesay
Level 1
Level 1
 
Posts: 28
Joined: Tue Dec 26, 2006 7:41 pm

Postby clem on Tue Mar 20, 2007 8:45 am

I much prefer to use sudo myself... but, if you wanted Mint to act the traditional way (with a root account and no sudo) you would:

- sudo passwd root (to give root a password of his own)
- sudo gedit /etc/sudoers (to remove the "normal" account from the list of sudoers).

This way, only root would have admin rights, and an account with its own password.

Note: I don't recommend doing that, but as you can see it's very easy to do.

Clem
User avatar
clem
Level 15
Level 15
 
Posts: 5514
Joined: Wed Nov 15, 2006 8:34 am

Postby sanguinemoon on Tue Mar 20, 2007 1:51 pm

Thanks for your answers :)

Maybe I wasn't clear that I didn't actually want to login as root, but simply have a different root or sudo password, but sudo passwd seems simple enough.
User avatar
sanguinemoon
Level 2
Level 2
 
Posts: 77
Joined: Tue Mar 20, 2007 5:08 am

Postby bigbearomaha on Thu Mar 22, 2007 10:32 pm

It's not "stupid" to want to be able to login in as root.

so far, I am new to Mint and not all to familiar with Ubuntu as a whole.

Unless I am mistaken, and I could be, sudo relies on a user knowing commands to enter into a command line environment. which means that a new or inexperienced user, who hasn't memorized or had opportunity to familiarize themselves with the numerous and flexible commands will be lost and not as able to use their machine in the way they would like, simply because they haven't memorized a myriad of commands.

now, I agree it's a good thing for a power user, or someone who fancies them self a knowledgeable user to become familiar with commands. it makes sense, commands make things go faster when you know what your doing and can remember not only the commands but the switches that make them work their magic.

However, you have some folks who have a great difficulty remembering numerous commands they won't use very often at all. They don't see themselves doing a lot of command line config and editing. and won't have that much opportunity to use it frequently enough to be familiar with many commands and their usage. It's most likely a passing awareness of commands that they will copy and paste from help they request and that will be the extent of their usage. Which is fine also. People have very different uses and experiences with their machines and not all desire to be a "tech" type, just a user, gt some things accomplished and be done with it.

that's also ok.

If one person prefers to use their computer in a fashion that will allow them the most command line usage because it fit their usage pattern and experience levels better, and another chooses to use it differently because their usage pattern is different from the first and one distro can accommodate them both, that OS is a more powerful distro because of it's flexibility. It's a good thing to be so stable and so flexible at the same time.

Just one users opinion.

Big Bear
User avatar
bigbearomaha
Level 3
Level 3
 
Posts: 170
Joined: Tue Feb 06, 2007 11:34 am
Location: Omaha, NE

Postby euthypro on Thu Mar 22, 2007 11:37 pm

If what you want is to be able to act as root without using the command line, there's a useful utility called "nautilus scripts," downloadable from Automatix. All you do is right-click anywhere on an open window, and choose "nautilus root here," then enter your password. You will then be able to work on your files as root from the GUI, in whatever directory you are. You can also choose "gedit root," and you can edit your files. I have it in both my Mint installations, and it does come in handy once in a while.

Regards,

Angel
User avatar
euthypro
Level 3
Level 3
 
Posts: 105
Joined: Wed Jan 17, 2007 12:10 pm
Location: Dumaguete, Philippines

Two things I want to add

Postby pr3@ch3r on Fri Mar 23, 2007 2:50 am

If this is already said, forgive the repeat, I only glanced through the comments:

#1.) You can log as su - in Mint within the terminal, I do it everyday when making changes

#2.) Do not heed the 'ZOMG its stupid!!!111 to login as root in the gui or even in the command line if you dont have to!' crowd. This is foolishness and trend nothing more. 5 or so years ago before this new 'no root access via gui' thing started in distros it was perfectly fine to do so. There is no 'security' risk either, as the only thing you can do as root in the gui that you cant in normal user mode is...well nothing other than convenient things. A person can destroy his/her own system doing stupid things with or without root login within the gui. Ignore the fanatic hype. Do what you want to do and dont be concerned about 'security' within this context. Security in linux is 3 things: strong passwords/different passwords for each account, secure/patched internet services such as httpd (or removed totally from your desktop if you are not using them), and a firewall that is on and used regularly.

I may not be the smartest here, nor be filled with knowledge, but I work at a large datacenter and work almost entirely on public linux servers every day. Not that any of that matters, but rather to add a bit of substantiation to my comments. That is all.
You know what the RHCT certification means? I can break a Redhat server faster than you can.
User avatar
pr3@ch3r
Level 1
Level 1
 
Posts: 22
Joined: Thu Mar 01, 2007 8:10 pm
Location: Houston, Texas

Postby clem on Fri Mar 23, 2007 4:33 am

I would never graphically log in as root (because then, everything I do, everything I click on, would have the "power" to impact my whole system). But that's just me.

The important thing is that people have different opinions, that they can express them and that the tools we provide allow them to do as they please.

And this is the case, although root comes with a random password by default, the default account has the power, through sudo, to assign root a password and let the user log in, graphically or not, as root.

Clem
User avatar
clem
Level 15
Level 15
 
Posts: 5514
Joined: Wed Nov 15, 2006 8:34 am

Postby Husse on Fri Mar 23, 2007 6:48 am

I thought one of the reasons Linux/Mint is less vulnerable to viruses (compared to some com$etition) is that you don't work as root, and that rot is protected by a password.
But I'm only a Linux newbie :)
(Not a computer newbie though)
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19714
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Postby clem on Fri Mar 23, 2007 6:54 am

I'm not an expert on security but I would say file permissions are definitely a problem for potential viruses. When you run something (that you want to run by typing it, or that you don't really know you're running by clicking on it somewhere.. ), that something runs with your rights and permissions, so if that something tries to delete files it is the same as if you tried to delete them yourself... and if you're logged in as a user, you can only delete your own files... but if you're logged in as root, then you can potentially delete everything.

And it's not only viruses, but also user mistakes and bugs. If you keep a clear separation between user data and system, you're less exposed to system-wide problems.

Clem
User avatar
clem
Level 15
Level 15
 
Posts: 5514
Joined: Wed Nov 15, 2006 8:34 am

Postby bigbearomaha on Fri Mar 23, 2007 8:51 am

on a personal note, the way I use it,

I only stay logged in as root in any distro, is long enough to perform the specific tasks needed to be done. Then, back on my merry way to userland.


Clem, It makes me very very glad to see your support of one's being able to express their opinions without suppressing communication. There are many boards where that is not the case. I personally appreciate that.

I have mint permanently installed on one of my home machines with other distros on other machines, PCLOS chief among the others ( ok, ok, PCLOS IS the others. LOL)


One of the important parts of a linux distro is the forums where people go to get help and talk with others who use that distro.

If people only get the "rtfm" and "that way is stupid, your doing it wrong" kind of messages, it doesn't help make the forum a positive part of the distro. It actually deters users.

Yes, I'm saying it again, Mint is exceeding expectations and applaud what you all are doing here.

Big Bear
User avatar
bigbearomaha
Level 3
Level 3
 
Posts: 170
Joined: Tue Feb 06, 2007 11:34 am
Location: Omaha, NE

Postby Husse on Fri Mar 23, 2007 9:10 am

I entirely agree with bigbearomaha's comment on the forum. Seems that the people here are grown ups
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19714
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Postby clem on Fri Mar 23, 2007 9:50 am

I personally believe the community is the best asset of a distribution. Not only is it a source of feedback and ideas, but also a place where users meet and from where a general ambiance is coming. So yes, we want you to enjoy the distro itself, but also to talk as much as possible, to give us your feedback, to show us different things and different ideas, and most of all to be happy and make others happy.

That's what it's all about. A good happy community and half of the job is done (if you look at the innovations put in Bea, 90% came from people in this forum. Same goes for Bianca (with a bit of coding on our part)).

Clem
User avatar
clem
Level 15
Level 15
 
Posts: 5514
Joined: Wed Nov 15, 2006 8:34 am

Postby Lolo Uila on Fri Mar 23, 2007 2:06 pm

You can also change the root password in mintConfig (Control Center) - Administration - Users and Groups. Click on the root account and properties.
User avatar
Lolo Uila
Level 5
Level 5
 
Posts: 547
Joined: Thu Mar 15, 2007 3:40 am
Location: Kapolei, Hawaii

Whoa I re-read my post and sound like a butthead

Postby pr3@ch3r on Fri Mar 23, 2007 2:34 pm

Hey I just reread my post and the new replies, and I apologize to anyone if I sounded like a buttface. No intension of that. It was 3am and I get blunt when tired. But yes, great points Clem and Bigbearomaha. I do want to point something else though: In my experience working as a datacenter tech (working on ONLY servers not desktops, which means NO guis ever) we never run into problems with Linux virii. Or at least I have not. File permissions are a problem yes, but not through root. Malicious people do 1 of 2 things 99% of the time on a linux server, they either 1.) exploit httpd (apache) and or php using the 'nobody' login which is the default login that has little to no permissions to do system changed, and exploit unpatched version by uploading scripts that scan or flood etc. Harmless usually. The other 2.) is rootkits which to my knowledge, the only way to get a rootkit on a server is to bruteforce or have the root password so that the kit can be installed. Ive never researched it myself, and maybe ya'lls points about logging in as root concern these kits, but I'm a little vague on how else they would install these. Its been my experience that, as long as your not running apache and php (desktop computer), you have your firewall going, and you have strong passwords your pretty much safe from anything when running linux. Though, I will say, if you stick with bigbearomaha's suggestion you inconvenience yourself a few seconds/minutes with logging in and out, but you may save yourself massive headaches in the long run. But then again, in my years of messing with linux and only just this year becoming fairly competent with it, I have never deleted or ruined anything while logged in as root within the gui.

And btw, I completely agree, I love these forums because of the lack of attitude and presence of maturity. Only seen 1 troll!! Amazing.
You know what the RHCT certification means? I can break a Redhat server faster than you can.
User avatar
pr3@ch3r
Level 1
Level 1
 
Posts: 22
Joined: Thu Mar 01, 2007 8:10 pm
Location: Houston, Texas

Postby sanguinemoon on Fri Mar 23, 2007 5:49 pm

clem wrote:I'm not an expert on security but I would say file permissions are definitely a problem for potential viruses. When you run something (that you want to run by typing it, or that you don't really know you're running by clicking on it somewhere.. ), that something runs with your rights and permissions, so if that something tries to delete files it is the same as if you tried to delete them yourself... and if you're logged in as a user, you can only delete your own files... but if you're logged in as root, then you can potentially delete everything.

And it's not only viruses, but also user mistakes and bugs. If you keep a clear separation between user data and system, you're less exposed to system-wide problems.

Clem
Right and this is why I wasn't wanting to login in as root, but merely separate the root and user passwords because it seem to that if a malicious user got a hold of the user password and without a separate password for root, he could do all sorts of damage.

Having said that, the ability to log in as root through KDM or GDM isn't a bad thing, contrary to the mantra of never, never log in as root. Case in point, a few months ago I was upgrading my FreeBSD variant (PCBSD 1.2) to the newer version (1.3) I was getting all sorts of odd bit errors and after running memtest, I discovered that one of the DIMMs I had in my machine had gone bad. Just logging in as root proved convenient to make the necessary repairs (which were extensive) If I were to ever want to login as a root, it would a situation like this. Like bigbearomaha said, do the tasks that need to be done and get out.
User avatar
sanguinemoon
Level 2
Level 2
 
Posts: 77
Joined: Tue Mar 20, 2007 5:08 am

Linux Mint is funded by ads and donations.
 

Return to Other topics

Who is online

Users browsing this forum: brken11 and 7 guests