Disclaimer: This is not an attempt at starting a flame.
I did an install of ubuntu a couple of weeks ago. It all went smoothly enough but after it was up, I noticed no root password and that I, as a user, belonged to the root group. It seemed to me, to be bordering on asking for trouble. But then, there are a lot of people using this distro without problems.
I thought about asking on a ubuntu forum but I knew I’d only get answers about how wonderful it is and, in my mind at least, not a fair evaluation or explanation.
Can someone explain, or direct me to a good explanation of why belonging to a root group does not constitute a security breach?
Once more, I’m not looking for any examples of why distro X is better than ubuntu, only a discussion of the security aspects.
Oh, I took it off my machine, so I can’t … I thought for sure I had correct information. Was/am I wrong? Is ubuntu as secure as fedora? Suse? Slackware? Is there really any difference? In security I mean. Of course I’m disregarding the one day difference in supplying security patches, I’m talking about basic policies.
The security model of Ubuntu is that there is no root login and to do superuser operations you have to use sudo and provide one’s own password. This only works for people in the admin group, not all users. So that user’s password is as powerful as root and the user is expected to guard their password well.
The default Opensuse installation now allows the first user to use their password as the admin password. That is slightly different from the Ubuntu approach since the first user can then log on as root user as well as using su. The real security issue is not how it is done but how many people know the admin password. If it is only one and it is hard to crack, you have better security. Personally, I prefer to have a separate admin password but that is no more secure than having a single password if it is weak or someone else gets to know it.
Most security breaches arise from user error not from software errors or exploits.
I too would highly recommend a SEPARATE password for root for two reasons.
First, if somebody steals your password somehow you’re not completely
dead right away and can probably recover since they can’t (in theory) get
to your entire system. Second, YOU will not be accidentally doing things
as root if the password for root is different from your own password since
it will require you to type a different password. Even if you’re smart
(and possibly humble about that fact) and are a computer geek through and
through, chances are good that at some time you will put in a password for
your user when you’re being asked for root’s and it’ll hurt. Once you’re
root there’s nothing stopping you (except AppArmor maybe, but probably not
applicable in the cases of which I’m thinking) and having this protection
from others as well as yourself will pay off.
Good luck.
On 07/17/2010 11:36 AM, john hudson wrote:
>
> The default Opensuse installation now allows the first user to use their
> password as the admin password. That is slightly different from the
> Ubuntu approach since the first user can then log on as root user as
> well as using su. The real security issue is not how it is done but how
> many people know the admin password. If it is only one and it is hard to
> crack, you have better security. Personally, I prefer to have a separate
> admin password but that is no more secure than having a single password
> if it is weak or someone else gets to know it.
>
> Most security breaches arise from user error not from software errors
> or exploits.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
Thanks all. I guess I misunderstood the situation. I can see where some would like the way it is done in ubuntu, having to remember only one password. The reasons presented by ab though, make me appreciate OpenSuse’s method.