Disclaimer: This is not an attempt at starting a flame.
I did an install of ubuntu a couple of weeks ago. It all went smoothly enough but after it was up, I noticed no root password and that I, as a user, belonged to the root group. It seemed to me, to be bordering on asking for trouble. But then, there are a lot of people using this distro without problems.
I thought about asking on a ubuntu forum but I knew I’d only get answers about how wonderful it is and, in my mind at least, not a fair evaluation or explanation.
Can someone explain, or direct me to a good explanation of why belonging to a root group does not constitute a security breach?
Once more, I’m not looking for any examples of why distro X is better than ubuntu, only a discussion of the security aspects.
Where do you see that you belong to the root group? I don’t see this on my Ubuntu machine.
Oh, I took it off my machine, so I can’t … I thought for sure I had correct information. Was/am I wrong? Is ubuntu as secure as fedora? Suse? Slackware? Is there really any difference? In security I mean. Of course I’m disregarding the one day difference in supplying security patches, I’m talking about basic policies.
The security model of Ubuntu is that there is no root login and to do superuser operations you have to use sudo and provide one’s own password. This only works for people in the admin group, not all users. So that user’s password is as powerful as root and the user is expected to guard their password well.
The default Opensuse installation now allows the first user to use their password as the admin password. That is slightly different from the Ubuntu approach since the first user can then log on as root user as well as using su. The real security issue is not how it is done but how many people know the admin password. If it is only one and it is hard to crack, you have better security. Personally, I prefer to have a separate admin password but that is no more secure than having a single password if it is weak or someone else gets to know it.
Most security breaches arise from user error not from software errors or exploits.
-----BEGIN PGP SIGNED MESSAGE-----
I too would highly recommend a SEPARATE password for root for two reasons.
First, if somebody steals your password somehow you’re not completely
dead right away and can probably recover since they can’t (in theory) get
to your entire system. Second, YOU will not be accidentally doing things
as root if the password for root is different from your own password since
it will require you to type a different password. Even if you’re smart
(and possibly humble about that fact) and are a computer geek through and
through, chances are good that at some time you will put in a password for
your user when you’re being asked for root’s and it’ll hurt. Once you’re
root there’s nothing stopping you (except AppArmor maybe, but probably not
applicable in the cases of which I’m thinking) and having this protection
from others as well as yourself will pay off.
On 07/17/2010 11:36 AM, john hudson wrote:
> The default Opensuse installation now allows the first user to use their
> password as the admin password. That is slightly different from the
> Ubuntu approach since the first user can then log on as root user as
> well as using su. The real security issue is not how it is done but how
> many people know the admin password. If it is only one and it is hard to
> crack, you have better security. Personally, I prefer to have a separate
> admin password but that is no more secure than having a single password
> if it is weak or someone else gets to know it.
> Most security breaches arise from user error not from software errors
> or exploits.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
Thanks all. I guess I misunderstood the situation. I can see where some would like the way it is done in ubuntu, having to remember only one password. The reasons presented by ab though, make me appreciate OpenSuse’s method.
Also it’s easy in Ubuntu to switch back to the root password way. You only have to do two things:
Give root a password using the passwd program
Edit /etc/sudoers so that the admin group is not special and the root PW is used for root actions
However the GUI admin programs may continue to prompt for “own password” when it’s the root password that’s needed after the changes.
Personally I think other matters such as keeping packages up to date are higher in priority.