Linux Mint Forums

I'm considering switching from Mepis to Mint, but there's something I need to know first. I guess a lot of people aren't bothered by this question, but I am. It seems Mint uses sudo like Ubuntu uses (Mepis uses su, something I like) In earlier versions of Ubuntu there was a separate admin password and regular user password, but latter versions the admin and user password are the same. In Mint, is the admin password and the regular user password the same or different. The reason I'm asking is that I don't feel its secure have the same password for admin and your regular user.

My Linux background comes from early (5.x) versions of Redhat, Mandrake 7, followed by SUSE and then Ubuntu, Debian, and Mepis. When I first encountered sudo in Breezy, I was ok with it because there were still separate passwords, but I encountered sudo in Edgy (After running Debian Sid and FreeBSD for a while) and the passwords were same, I just about had a heartattack in died of fright in my chair. So I would like know if Mint has the passwords the same or different, and if the same how is that not insecure? (it seems silly and insecure to login, than use the same password to do admin functions)

I hope my post made some sense and is meant as serious questions/concerns.

Mint uses sudo just as Ubuntu, but I see no security risk. Unless you follow some, in my eyes stupid, advice you can not log in as root, no way!
If you want a separate password for root this is how:
As default Ubuntu has no password set for the root user. To gain root access you have to type in your own user password. This is the password you set for the first user while installing Ubuntu.
To manually set a password for the root user, type in the following in the shell:
sudo passwd
After that you are asked to type in the new root password twice. Finally, your root user has its own password.
But you still can't log in as root, luckily. However it stops someone with physical access to your computer from accessing "Recovery mode" w/o password.
The following is a comment on logging in as root in Ubuntu found on a forum and almost consensus there:
The Ubuntu developers have gone to great lengths to make sudo as smooth as possible in the GUI environment, and they've done a very good job. By re-enabling the root user and even logging in as root, you literally throw their work out the window, take your safety belt off and drive head-on into traffic. Yes, it is a bit insane..
I also don't see the point of it, disabling the root user and using sudo (which is much more flexible than root login or su) was a step in the right direction. If you want to log in as root all the time, go use Linspire or something.

I much prefer to use sudo myself... but, if you wanted Mint to act the traditional way (with a root account and no sudo) you would:

- sudo passwd root (to give root a password of his own)
- sudo gedit /etc/sudoers (to remove the "normal" account from the list of sudoers).

This way, only root would have admin rights, and an account with its own password.

Note: I don't recommend doing that, but as you can see it's very easy to do.

Clem

Thanks for your answers

Maybe I wasn't clear that I didn't actually want to login as root, but simply have a different root or sudo password, but sudo passwd seems simple enough.

It's not "stupid" to want to be able to login in as root.

so far, I am new to Mint and not all to familiar with Ubuntu as a whole.

Unless I am mistaken, and I could be, sudo relies on a user knowing commands to enter into a command line environment. which means that a new or inexperienced user, who hasn't memorized or had opportunity to familiarize themselves with the numerous and flexible commands will be lost and not as able to use their machine in the way they would like, simply because they haven't memorized a myriad of commands.

now, I agree it's a good thing for a power user, or someone who fancies them self a knowledgeable user to become familiar with commands. it makes sense, commands make things go faster when you know what your doing and can remember not only the commands but the switches that make them work their magic.

However, you have some folks who have a great difficulty remembering numerous commands they won't use very often at all. They don't see themselves doing a lot of command line config and editing. and won't have that much opportunity to use it frequently enough to be familiar with many commands and their usage. It's most likely a passing awareness of commands that they will copy and paste from help they request and that will be the extent of their usage. Which is fine also. People have very different uses and experiences with their machines and not all desire to be a "tech" type, just a user, gt some things accomplished and be done with it.

that's also ok.

If one person prefers to use their computer in a fashion that will allow them the most command line usage because it fit their usage pattern and experience levels better, and another chooses to use it differently because their usage pattern is different from the first and one distro can accommodate them both, that OS is a more powerful distro because of it's flexibility. It's a good thing to be so stable and so flexible at the same time.

Just one users opinion.

Big Bear

If what you want is to be able to act as root without using the command line, there's a useful utility called "nautilus scripts," downloadable from Automatix. All you do is right-click anywhere on an open window, and choose "nautilus root here," then enter your password. You will then be able to work on your files as root from the GUI, in whatever directory you are. You can also choose "gedit root," and you can edit your files. I have it in both my Mint installations, and it does come in handy once in a while.

Regards,

Angel

I would never graphically log in as root (because then, everything I do, everything I click on, would have the "power" to impact my whole system). But that's just me.

The important thing is that people have different opinions, that they can express them and that the tools we provide allow them to do as they please.

And this is the case, although root comes with a random password by default, the default account has the power, through sudo, to assign root a password and let the user log in, graphically or not, as root.

Clem

I thought one of the reasons Linux/Mint is less vulnerable to viruses (compared to some com$etition) is that you don't work as root, and that rot is protected by a password.
But I'm only a Linux newbie
(Not a computer newbie though)

I'm not an expert on security but I would say file permissions are definitely a problem for potential viruses. When you run something (that you want to run by typing it, or that you don't really know you're running by clicking on it somewhere.. ), that something runs with your rights and permissions, so if that something tries to delete files it is the same as if you tried to delete them yourself... and if you're logged in as a user, you can only delete your own files... but if you're logged in as root, then you can potentially delete everything.

And it's not only viruses, but also user mistakes and bugs. If you keep a clear separation between user data and system, you're less exposed to system-wide problems.

Clem

on a personal note, the way I use it,

I only stay logged in as root in any distro, is long enough to perform the specific tasks needed to be done. Then, back on my merry way to userland.


Clem, It makes me very very glad to see your support of one's being able to express their opinions without suppressing communication. There are many boards where that is not the case. I personally appreciate that.

I have mint permanently installed on one of my home machines with other distros on other machines, PCLOS chief among the others ( ok, ok, PCLOS IS the others. LOL)


One of the important parts of a linux distro is the forums where people go to get help and talk with others who use that distro.

If people only get the "rtfm" and "that way is stupid, your doing it wrong" kind of messages, it doesn't help make the forum a positive part of the distro. It actually deters users.

Yes, I'm saying it again, Mint is exceeding expectations and applaud what you all are doing here.

Big Bear

I entirely agree with bigbearomaha's comment on the forum. Seems that the people here are grown ups

I personally believe the community is the best asset of a distribution. Not only is it a source of feedback and ideas, but also a place where users meet and from where a general ambiance is coming. So yes, we want you to enjoy the distro itself, but also to talk as much as possible, to give us your feedback, to show us different things and different ideas, and most of all to be happy and make others happy.

That's what it's all about. A good happy community and half of the job is done (if you look at the innovations put in Bea, 90% came from people in this forum. Same goes for Bianca (with a bit of coding on our part)).

Clem

You can also change the root password in mintConfig (Control Center) - Administration - Users and Groups. Click on the root account and properties.

clem wrote:I'm not an expert on security but I would say file permissions are definitely a problem for potential viruses. When you run something (that you want to run by typing it, or that you don't really know you're running by clicking on it somewhere.. ), that something runs with your rights and permissions, so if that something tries to delete files it is the same as if you tried to delete them yourself... and if you're logged in as a user, you can only delete your own files... but if you're logged in as root, then you can potentially delete everything.

And it's not only viruses, but also user mistakes and bugs. If you keep a clear separation between user data and system, you're less exposed to system-wide problems.

Clem

Right and this is why I wasn't wanting to login in as root, but merely separate the root and user passwords because it seem to that if a malicious user got a hold of the user password and without a separate password for root, he could do all sorts of damage.

Having said that, the ability to log in as root through KDM or GDM isn't a bad thing, contrary to the mantra of never, never log in as root. Case in point, a few months ago I was upgrading my FreeBSD variant (PCBSD 1.2) to the newer version (1.3) I was getting all sorts of odd bit errors and after running memtest, I discovered that one of the DIMMs I had in my machine had gone bad. Just logging in as root proved convenient to make the necessary repairs (which were extensive) If I were to ever want to login as a root, it would a situation like this. Like bigbearomaha said, do the tasks that need to be done and get out.