1 |
On Monday 18 May 2009 22:14:43 bn wrote: |
2 |
> > If you use Ubuntu, you've got to accept their eccentric & questionable |
3 |
> > attitude to passwords, esp that they don't have a separate root password. |
4 |
> > I find that a piece of cheap popularisation contrary to UNIX principles. |
5 |
|
6 |
Huh? |
7 |
|
8 |
The package you are talking about is sudo. Might I add that sudo follows the |
9 |
grand time honoured tradition of the principle of least priviledge whereas su |
10 |
does not? |
11 |
|
12 |
su offers no means to selectively allow what a user may and may not be |
13 |
authorised to do. It's an all or nothing approach, much like running Windows |
14 |
as admin. A separate root password gives no real extra safety - the user |
15 |
becoming root still has to be in the wheel group, and still has to prove who |
16 |
they are by a process of authentication. For servers, this is brilliant. Log |
17 |
in with keys, sudo with a password (which you keep just as safe as a root |
18 |
password). |
19 |
|
20 |
> I found it very useful and it makes much sense in my opinion -so much |
21 |
> that I would like to know how to fully "ubuntize" my Gentoo in this |
22 |
> single respect. |
23 |
|
24 |
Easy peasy: |
25 |
|
26 |
emerge sudo |
27 |
sudoedit |
28 |
add desired users to wheel group |
29 |
[test] |
30 |
replace root password in shadow with "!" |
31 |
|
32 |
Please note that this is not an Ubuntu thing. It's simply using sudo in one of |
33 |
the ways sudo was specifically designed to be used. |
34 |
|
35 |
> I don't maybe like it's pulled down the throat of users, |
36 |
> but if they had the option to choose between both with,say,one |
37 |
> installation option click, it would be perfect. |
38 |
|
39 |
Even easier. As first user created (administrative user): |
40 |
|
41 |
sudo passwd |
42 |
[forget sudo exists] |
43 |
|
44 |
-- |
45 |
alan dot mckinnon at gmail dot com |