| 1 |
On Monday 18 May 2009 22:14:43 bn wrote: |
| 2 |
> > If you use Ubuntu, you've got to accept their eccentric & questionable |
| 3 |
> > attitude to passwords, esp that they don't have a separate root password. |
| 4 |
> > I find that a piece of cheap popularisation contrary to UNIX principles. |
| 5 |
|
| 6 |
Huh? |
| 7 |
|
| 8 |
The package you are talking about is sudo. Might I add that sudo follows the |
| 9 |
grand time honoured tradition of the principle of least priviledge whereas su |
| 10 |
does not? |
| 11 |
|
| 12 |
su offers no means to selectively allow what a user may and may not be |
| 13 |
authorised to do. It's an all or nothing approach, much like running Windows |
| 14 |
as admin. A separate root password gives no real extra safety - the user |
| 15 |
becoming root still has to be in the wheel group, and still has to prove who |
| 16 |
they are by a process of authentication. For servers, this is brilliant. Log |
| 17 |
in with keys, sudo with a password (which you keep just as safe as a root |
| 18 |
password). |
| 19 |
|
| 20 |
> I found it very useful and it makes much sense in my opinion -so much |
| 21 |
> that I would like to know how to fully "ubuntize" my Gentoo in this |
| 22 |
> single respect. |
| 23 |
|
| 24 |
Easy peasy: |
| 25 |
|
| 26 |
emerge sudo |
| 27 |
sudoedit |
| 28 |
add desired users to wheel group |
| 29 |
[test] |
| 30 |
replace root password in shadow with "!" |
| 31 |
|
| 32 |
Please note that this is not an Ubuntu thing. It's simply using sudo in one of |
| 33 |
the ways sudo was specifically designed to be used. |
| 34 |
|
| 35 |
> I don't maybe like it's pulled down the throat of users, |
| 36 |
> but if they had the option to choose between both with,say,one |
| 37 |
> installation option click, it would be perfect. |
| 38 |
|
| 39 |
Even easier. As first user created (administrative user): |
| 40 |
|
| 41 |
sudo passwd |
| 42 |
[forget sudo exists] |
| 43 |
|
| 44 |
-- |
| 45 |
alan dot mckinnon at gmail dot com |
Archives