Announcement

Collapse
No announcement yet.

Having no root login

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #16
    Originally posted by claydoh View Post
    I'll keep this short as I have broken my wrist in two places, and one handed typing is no fun
    I'll bet that makes hoisting a beer rather difficult as well...

    Hopefully it won't be a long term issue.

    cheers,
    bill
    sigpic
    A person who never made a mistake never tried anything new. --Albert Einstein

    Comment


      #17
      Originally posted by kubicle View Post
      Anyone can do as they wish on their linux installation on every distribution I know of. Nothing limits you or anyone else. Want to enable the root account? Go right ahead, it's just one command away. Trash your sudo access by using commands you do not know how to use? Yes it can be done.
      I'm not speaking of impossibility. I am speaking of condescending visions of what other people should do (or most appropriately, not do).

      You on the other hand are trying to tell others what they should do ("developers should do this and that because that's what users want/need"...an assertion you're not qualified to make. Neither is anyone else, btw, so this is nothing personal against your qualifications).
      How is that "on the other hand"? Don't you see how pedantic it is? To "warn" people about setting a root login because they might mess up their system?

      And yes, open source development doesn't work that way. Those that do the actual work get to decide what they release, not random people on the internet. You don't have to like it, but that's the way it is.
      Yes and they make choices for other people that don't have a say in it. And they do this because they think they know better than those other people. Not only do they make this choice, they are even trying to dissuade those other people from making a different choice. That's exactly what Vinnywright did here. To dissuade another person from following my advice, or it was not even advice, I was just warning people against that choice. How is that "getting people to do as I want?"

      I am basically bitching at those developers perhaps from being so pedantic, if you want to take it as that. But only in response to this criticism that I should not even be allowed to voice my opinion on that because it interferes (not only disagrees, but actually interferes) with some kind of default policy, and even voicing a different position is unheard of. You are not allowed to disagree with what is politically correct or to take a different stand on it. We are all supposed to fall in line.

      Because disagreeing with that sentiment might hurt the bottom line, whatever that is. Don't you see how this is a company position and no employee is supposed to deviate from it

      And many people in the open source crowd are concerned as being "employees" because they are broadcasting or relaying or disseminating or being a spokesperson for a certain message. A certain way of doing things and it is decided by other (the higher ups, those in the 'upstream') (perhaps even) people and .. well. It is enough what I've said, isn't it?

      It would interfere with the 'bottom line' if people would start saying different things, things that would deviate from the company position. And yes, Ubuntu is a company. It has an image, and they are trying to protect that image by making sure no controversial or deviating thought is being uttered by what accounts as or amounts to "company employee". And the reward is often status, but many of you (and me perhaps also a little by now) are paid-workers and they fall in line in a system of corporate control that is very much an invisible thing that is taking place. It is very plain to see when even uttering a thought that goes against the common strain of what they want their system to be, introduces a backlash. Sorry If I don't Express myself Fully.

      I make it sound very harsh and very hard and very sincere, but it is just what happens in open source when there are financial interests at stake SOMEWHERE in the system and it happens the same in other places and on other forums (not mentioning this forum now here, it is not really here, but it is in the official things of UBUNTU). You can't deviate from the common things because you have to protect a common image. So it is essential then that what you say agrees with what the company wants the public to know about the system.

      You are not espousing your own views, but those of UBUNTU. Yes, those of Canonical, that have a stake in this view being expressed.

      Just for the record, I'm not categorically against enabling the root account, there are cases where it may make sense...but "it should be enabled by default as a safety blanket" is probably one of the worst reasons I've heard in a while. If someone is capable of fixing their issues using the root account, then surely they're also capable of enabling it or get to it in recovery mode (or at least capable of googling for the instructions)
      I never said it should be enabled by default, nor did I say it should be enabled by default as a safety blanket. I never voiced an opinion on any default setting. This is something you are reading into my words because you don't understand them. If anything, I have said that I am glad there is only one password needed to be chosen.

      While I believe not having to set two passwords during the install (or in any case) is appreciated by many, and also by myself, I consider a normal root prompt to be essential.
      But I feel, if I have to say anything on some recommended way of doing things, and I have not done so before (!!!!!!!), I would say that the default should be to turn it off, or to have it turned off on install, but to persuade a user to set a root login after. After install. I would suggest this choice to be left to the user but to be persuasive to enable it because it provides for a much better "hands on" environment with Linux. I would consider learning to be an essential, and it is just the most fun way to have a "REAL" "root" account. Mommy, I am root! Come on! Don't you see where the joy of LInux lies? The joy of Linux lies not in selling more Ubuntu "licenses" or to make Canonical more money, okay? That is not what Linux is about and it never has been. Being a power user or a root user is JOYFUL. Anyone who came into linux experimented with that in the past. Having a root prompt and having a console that presents you with a root login is just thrilling. Don't you care about EXPERIENCE? Is it all about safety? Where is the joy in being safe?? But it is not fun to be locked out of your system because someone decided that you should be dissuaded from being a power user because you might mess things up.

      WE ARE BEING DISSUADED. It is not about something not being possible. It is about the whole world telling "please don't do it". Stop doing that then? Stop being such a bitch in the first place? You don't have to dissuade people from making such choices. They are free and capable of making their own. Even if someone says "I would warn about following Canonical's advice" I get at least two people working against me. Because I'm not supposed to suggest to be disobedient to them, to this line of thought.

      Oh, and by the way:

      If someone is capable of fixing their issues using the root account, then surely they're also capable of enabling it or get to it in recovery mode (or at least capable of googling for the instructions)
      Fixing their issues is pretty vague. Knowing how to "enable" the root account may be non-intuitive because you are not enabling it really, you are just setting a password for it (in the sense of using the passwd command to "enable") this is counterintuitive and not something you know just straight away WITHOUT googling for it. So surely they can enable it but this is not being offered to them. Because Ubuntu doesn't want you to do it. Canonical doesn't want that. So why would it be made easier, if the company policy is to dissuade?

      And rebooting my system is not my fun of doing things, but that is Just Me perhaps. I am glad I can keep my system running for days without issue mostly. To me, it is a dealbreaker if I have to reboot. Currently I have to log out because there is a bug in the software-update icon that wants me to reboot. My system (screen) is now all greyed-out with this purple haze filter over it. I cannot get rid of it, or Do not know How to.

      And the root account is accessible anyway using sudo -s or sudo -i. There is no difference from that point of view. These are the things you suggested, and there , so there is no difference between the power user using sudo and the power user using a real root account, except in the EXPERIENCE. And you are trying to dissuade people from having that experience. What for? Let's take it apart:

      1) A root user is an exploitable mechanism.
      2) You can lose the root password.

      There are NO OTHER DRAWBACKS.

      1) Granted, this can be a security risk.
      2) No biggy since ideally you will still have sudo rights to your regular user ANYWAY.

      So where is the big issue with having a root user? There is scarcely any. Your reasons are not rational.

      Now there are good reason for having a root user in the first place:

      1) Logging into root is a lot faster if you need to log in at a TTY
      2) A regular login session will always start X with the default user the user uses. ;-). Haha. So from there, it is always "sudo su."
      3) Hence, the root user is only used at a TTY (in that sense)
      4) Sudo -i or sudo -s will give exactly the same rights as sudo su.
      5) There is no difference in the modification threat to the system.
      6) Sudo SU is still possible even with a locked and deleted root password.

      So why would you log into root at a TTY? It is to do system maintenance, obviously. Perhaps that is an individualistic thing, but I can be allowed to have an individualistic thing. I sometimes use a TTY because a text-mode screen is often more attractive. It is a use case and anyone fond of Linux will do that from time to time if they know how to. If you're not fond of Linux you shouldn't even be here. There is hardly ANY reason to dissuade a user from having a root account that can be logged into. It is only really about security (from the outside). That is reason enough, but still, depending on where you are, not a very strong reason.

      I'm just saying I have good reasons to offer that starting at the basics is the best learning experience, the most fun, and that regular computer users these days are very far removed from what they were in the 80s and 90s. And if you are preventing their hands from getting dirty, or likewise, forcing them to get dirty because it would be a "learning experience" then you are not allowing the regular, hopeful, fun, experimental thing of a real joyful computer user to take place. You have placed stakes somewhere else. You are concerned with the success of the system.

      This concern with the success of the system is what makes you forget what it was like to be a real student. There is no other reason for dissuading the root user account other than the success of the system, because you are concerned with how users might respond if they mess up. And how that will hurt the popularity of Ubuntu.

      It is pretty obvious that this is the real concern. Now Go Back To Bed, I am too tired ;-).

      =====
      I must say, Like I have Said Before, that I am concerned with the security of being hacked on a root account, so this pertains mostly to SSH logins.

      I think this is really the only valid reason. Valid enough to warrant concern. But a regular user will be behind a NAT, that's one. A regular "desktop" user might not readily have an SSH server running. The concern with root logins through SSH is something I want to address with another measure, which is more in the line of what I've stated. Make sure your root user has a different name, or call it admin. And give it less rights, but more than a normal user has. Ubuntu should be capable of doing that. The system as it is (with all the various (and many) root folders) is unfriendly in any case. The plain "root" account is unfriendly in any case. Mac OS X has solved that in some way by making all applications have their own /lib /usr /etc structure. Which is much more attuned to what it needs to be.

      they'll probably also learn something in the process.
      THAT is pedantic in its very essence. You don't need to tell or "ensure" people to learn something. They will learn on their own accord provided you are not preventing them from doing so, or dissuading them from doing so.

      Perhaps you call that pedantic as well. I just do not want to make choices based on ulterior motives. I like to make choices for myself and only for myself. I like to make choices because I believe in them. I am sure you do too.

      Yes, any day of the week. And it isn't to "gain access to his account", but to "regain access to their account after they did something stupid".
      Who are you to tell another user when he's been stupid? And it is not even only about user actions. The system can mess up as well. You are being protected against any kind of failure by having a fall-back mechanism.

      It is the same as giving the keys of your house to your trusted neighbours. Which is not always the best of ideas ;-).

      Comment


        #18
        Originally posted by claydoh View Post
        This is all a design choice, one that can be changed. There are even instructions on how to do so, which include pros and cons for using sudo over root.
        It is not about possibility, but about attitude. I am just espousing a certain view (or I was, rather gently, suggesting a different take on it) and immediately I am being dissuaded from making such statements and people who are reading it are being dissuaded from following up on my 'advice'. Surely it is a good read to read that sudo vs root document, but that is also a pedantic way of dissuading anyone to do what they want themselves. They only thing I've learned (the only real information to me) in that whole document was that trick:

        "Use sudo !! to repeat the previous command with sudo prepended to it." There was no other information in that document (for me). It was all about opinions, not about informing users. It was a warning document, but where's the real threat? There is not any, not in any real "urgent" case.

        If this were such a terrible thing Ubuntu have done, where are the massive number of bug reports with all the maladies that have occurred using this setup?
        That is what I meant by my "10 years" statement.
        Who is to say that bug reports should be the measure of success? There is also other things that are not readily perceivable unless you are interested in them. Such as the tone of the Ubuntu forums, or the experience users may not express but you can see them having it. I am one of those users myself. I can say many in the open source crowd do not know what they are saying or doing. They don't realize how terrible an experience it can be to have to deal with a nameless system where no one is really interested in really providing support as a form of responsibility for a fellow human. You might say that this is not true, that this is exactly what Ubuntu is. But it is often out of a personal stake, and it doesn't make it a good experience. For that user. You are often told to get your hands dirty if you want to know or learn anything.

        Even filing a bug report is made terribly difficult. There is a pedantic thing in the bug reporter that tells you how many lines of text you have written and how good you are doing in filing your bug report. The tool itself is so badly streamlined that reporting takes much longer than it should, you need a bug account which is not easily obtained (at least not without reading your email) it definitely wants to download scores of debug symbols each and every time, even when there are none, etc. Instead of being thankful that someone wants to invest time in writing a bug report, you are asking for more "contribution". You want even MORE investment. It is greediness. "yeah, but the report is just more useful with those debug symbols". Yeah, but you cannot expect any ordinary user from wanting to make that much of an effort in just being helpful.

        Instead of allowing the user to go on with his thing and be done with it, you expect someone to take 15 minutes or longer writing a freaking bug report. It is not made easier and people are expected to become contributors just because they want to help. I can easily say that half of the time or more that I have attempted to file a report for some bug, I have cancelled the encounter because it took too long and it would take me out of my flow. It is greediness. I am already offering something, but you want more. I am offering a finger, but you want the entire hand. People are dissuaded by that, and turned away. There is a lot about the OSS crowd that is not helpful.

        You also seem to be taking our words here much more harshly than they are intended to be. If I make a suggestion, it is simply that, and nothing else. Between this forum and on irc, I do see that you are taking things much in the wrong light.
        Then ask yourself why you are suggesting that thing and what would be my experience of that? It is felt as a dissuation and a slap in the face. It is not felt as a recognition or a respectful thing. It is not a helpful thing to do.

        Comment


          #19
          Oh, and just because you are not aware of the effects of your choices, doesn't mean they are not happening.

          On IRC, if you wish to mention that then, it has been readily apparent that I have not been allowed to speak up, to speak my mind, because I had not been following the rules. And the rules indicate that you can only chat in a certain way. And I violated those rules because I was too chatty. And so there is a backlash. I said something that disagreed with the status quo and now I was put back and not allowed to speak up as much. And all of it is not helpful. Especially not if you're already having trouble expressing yourself. You may not be a ware of what you do but it still has its effects. Just because you're not aware of the effects of your choices doesn't mean those effects are not there. You can turn people away by doing that and you do. Many people are turned away by that.

          That's all I'm saying. The attitudes in the OSS crowd are not all that good. You turn people away. You scare them off. I know people are trying to change that, but it has long been so. And it is still remnants of it remaining. I was just offering an advice in this thread. Softly spoken.

          But I was met with a rebuttal, mostly. And I spoke softly to that. Just clarifying my views a bit. But I was met with more rebuttals. So I take up the ball and do the discussion. You are immediately saying (Claydoh) that:

          "you would think that if setting things up this way was so terrible and wrong that people would run away in droves. Obviously, they are not."

          I never said it was so terrible. I'm just saying, or had been saying, that there could be reasons to not follow that advice. I was warning against following that advice. It was about choices people make. I had been saying nothing about the default setup yet. That is something you put into my words. I was defending myself against that.

          Then you say "One can easily enable the root account, the info is extremely easy to find." which is implying that I said the reverse. I did not do so. And I was defending against that. You are saying that "One can also study a little about how sudo (and I believe policykit) can be set up, and realize that it is very powerful and you could set it up to do exactly what you want." "You just need to decide which commands/applications that need elevated privileges are actually safe to run as a normal user." and this implied that my statements had no credit (because "it is easy enough to change it if you want and the way it is set up now has many powerful benefits").

          And I had not even been speaking about the default setup. I had just been warning people about following the advice, or sticking to what had been presented. I was not arguing for a change in policy in Debian or Ubuntu. I was doing nothing of the kind. I was saying that individual users could be tempted to make another choice if they knew the truth of it. I was at that point not saying anything about any default setup needing to change.

          Then you are saying that "I am projecting my needs and use case as if they are those of most users out there, which is wrong." which also implies that you feel I was wanting to change the default setup, which was not the case. This means I am not projecting, but you are. You are putting your concerns about changing the default setup in to my words and my intentions. I had not been speaking of those things. You were. You had.

          You instantly said "Ubuntu has been doing this for 10 years" "so it must be good" (my paraphrase) which is obviously not a real reason to do anything in any way. Fair enough, but I was just voicing a different concern.
          Last edited by xennex81; Apr 17, 2015, 04:11 PM.

          Comment


            #20
            I also said "Reality is that a root account is very handy if you do any amount of customization.". This means I was not speaking for everyone, or for every ordinary desktop user. I was interspersing my words with specifications. I was not saying it should be the truth for everyone. But in the Canonical document there is only a very little segment dedicated to "other use cases" and these are use cases in which a root account is often the only local account and it is much needed.

            The rest of the entire document is made to reflect a viewpoint or sentiment where the "ordinary" user is indeed put on a large heap where everyone is the same, without real further specification (for lack of a better word). This means that Canonical is indeed projecting a certain use case on everyone. And they are generalizing. I interspersed my words with indications on how what I said was only applicable to me or people like me. So I was not projecting. Not in any real case, or any strong sense. I was just saying that people like me would feel the same.

            Please prove me wrong then. I just feel... offended and violated by words like that. I was just making an assumption. The assumption was that people in my situation might be indicative of not wanting to do it the Canonical way. And that there could be people willing to do it differently. That was the assumption basically. That those people would exist. But if the response is a document showing and telling people to be *very afraid* of following my advice, then that is not a very "open minded" point to take. The entire Canonical document is a Fear document. It is intimidating to a new user. You are strongly persuaded not to do it. I was merely acting against that and that Is why I have taken so much Time to write a rebuttal to these sentiments. Not just to you, but also to (and by you I mean Claydoh and kubicle mostly) to Canonical, and the default Ubuntu attitude that is obviously not the attitude of those users, but mostly of those developers that are either paid or otherwise high status in the community. And it is not an attitude that these people feel, these users feel. They are being treated like children.

            So I must say I hope I feel that the sentiment has been cleared by this. I hope the sentiment has been cleared that I really had an intention of trying to dissuade Kubuntu or Canonical from doing this. I was just merely offering an advice and then defending that view. I know that the choice is small and the chance is slim that people would change that setup just because I want it. But I can still offer my advice and give my reply when my words are being rebutted. And I am not even offended by the setup, only by the offensive nature of the advice of dissuading people from moving away from that setup.

            When I say "Please be advised that there may be a reason to not follow that setup" and then you (or anyone) says "Activating the root account is easy enough" -- that obviously doesn't make sense. If you were helpful you'd say "You can activate the root account by setting a password for it" and then that would have an amount of usefulness and credit in my eyes at least. What you said was not informative and not helpful. Saying that people can google for it is not the same as providing the information, which means you were also dissuading people from doing it, which is exactly my point.

            You can spend an equal amount of time giving people that information. That is true of the OSS crowd in general, they'd rather tell people to go and find the information, when an equal amount of effort would be required in giving that information, and actually be helpful. "Google is your Friend" (it is rarely used) is not helpful because everyone already knows that they can use google, so it adds nothing, and only takes away. It is robbing people of help.

            I hope I am not robbing you today.

            Comment


              #21
              WOW ,,,,,I apologize ,,,,,,but I think I was misunderstood ,,,,,,,,,I was not trying to undermine your point of view at all ,,,,,,,I was just adding the excepted other choice and or end of things.

              by all means if someone wants to be root ,,,,,be root .

              I just wanted to make sure a totaly new to linux person had some more info on the subject and if they chose to accidentally trash their system it IS their right ,, and can be a good learning experience,,,,, I have done it , and learned from it .

              but a total novice running across your post may think O $h1T ,,,,,,I NEAD a root login ,,,,,and I guess I should just use that so things are easy for me !
              and soon be doing things like "rm -rf /" ,,,,,,oops forgot to type the rest.......I did it once well it was /bin and in an old slackware distro (CAUTION don't do that as root you will kill your system)and it was not fun,,,,,,,,well it was but I like fixing and braking things.

              So I just wanted to add the safe/DONT RUN WITH THAT PENCIL way as well

              and agin I am sory if I made you feal as though I was trying to slap down your advice or point of view ,,,,,,it was not my intent.

              VINNY
              i7 4core HT 8MB L3 2.9GHz
              16GB RAM
              Nvidia GTX 860M 4GB RAM 1152 cuda cores

              Comment


                #22
                Originally posted by xennex81 View Post
                I'm not speaking of impossibility. I am speaking of condescending visions of what other people should do (or most appropriately, not do).
                That's all in your head, I'm not telling you (or anyone else) what you (they) should do.

                To "warn" people about setting a root login because they might mess up their system?
                I fail to see what is wrong with that, from my experience many (or at least some) people like to get a warning when doing something that is potentially harmful...no one is preventing them from doing so regardless.

                And they do this because they think they know better than those other people.
                Nope, that is generally not the reason. I'm a developer and I don't think I always know better than other people...but I do, however, claim that I know better what I want...and I develop software that I myself would like to use. (If other people like that as well, that's great...if not, that's also great). That being said, I'm of the opinion that developers generally do know better than random people on the internet.

                But only in response to this criticism that I should not even be allowed to voice my opinion
                No one is saying you can't voice your opinion, we (well I, can't really speak for the others) just don't share your opinion and are voicing our own (are you the only one who should be allowed to voice your opinion?)

                It would interfere with the 'bottom line' if people would start saying different things, things that would deviate from the company position. And yes, Ubuntu is a company. It has an image, and they are trying to protect that image by making sure no controversial or deviating thought is being uttered by what accounts as or amounts to "company employee". And the reward is often status, but many of you (and me perhaps also a little by now) are paid-workers and they fall in line in a system of corporate control that is very much an invisible thing that is taking place. It is very plain to see when even uttering a thought that goes against the common strain of what they want their system to be, introduces a backlash. Sorry If I don't Express myself Fully.

                I make it sound very harsh and very hard and very sincere, but it is just what happens in open source when there are financial interests at stake SOMEWHERE in the system and it happens the same in other places and on other forums (not mentioning this forum now here, it is not really here, but it is in the official things of UBUNTU). You can't deviate from the common things because you have to protect a common image. So it is essential then that what you say agrees with what the company wants the public to know about the system.

                You are not espousing your own views, but those of UBUNTU. Yes, those of Canonical, that have a stake in this view being expressed.
                I certainly don't speak for (or in defense of) Canonical, in fact I don't particularly like Canonical, I've referred to Canonical as a cancer in the linux ecosystem. For every good decision Canonical makes they make two questionable ones and four bad ones. Not enabling the root account just isn't one of them.

                I never said it should be enabled by default, nor did I say it should be enabled by default as a safety blanket. I never voiced an opinion on any default setting. This is something you are reading into my words because you don't understand them. If anything, I have said that I am glad there is only one password needed to be chosen.
                Umm...didn't you say Canonical has made a bad decision by not enabling the root account...and that a root account would be a safety blanket against when a user inadvertently locked himself out of sudo access? If I read too much into what you posted, I apologize for misunderstanding and you can disregard my comment on the subject.

                But I feel, if I have to say anything on some recommended way of doing things, and I have not done so before (!!!!!!!), I would say that the default should be to turn it off, or to have it turned off on install, but to persuade a user to set a root login after. After install. I would suggest this choice to be left to the user but to be persuasive to enable it because it provides for a much better "hands on" environment with Linux. I would consider learning to be an essential, and it is just the most fun way to have a "REAL" "root" account.
                But you really do not need to enable the root account to access the root account. So this isn't really relevant.

                Mommy, I am root! Come on! Don't you see where the joy of LInux lies? The joy of Linux lies not in selling more Ubuntu "licenses" or to make Canonical more money, okay? That is not what Linux is about and it never has been. Being a power user or a root user is JOYFUL. Anyone who came into linux experimented with that in the past. Having a root prompt and having a console that presents you with a root login is just thrilling. Don't you care about EXPERIENCE? Is it all about safety? Where is the joy in being safe??
                Actually, I would argue that while that may be true for some people, you're once again projecting your own opinions on the matter to all users. There are certainly users that don't use computers just because it's joyful, and also users that care for safety over anything else.

                But it is not fun to be locked out of your system because someone decided that you should be dissuaded from being a power user because you might mess things up.
                Again, you don't need to enable the root account to be a "power user", whatever that means for anyone.

                Fixing their issues is pretty vague. Knowing how to "enable" the root account may be non-intuitive because you are not enabling it really, you are just setting a password for it (in the sense of using the passwd command to "enable") this is counterintuitive and not something you know just straight away WITHOUT googling for it. So surely they can enable it but this is not being offered to them. Because Ubuntu doesn't want you to do it. Canonical doesn't want that. So why would it be made easier, if the company policy is to dissuade?
                That doesn't make much sense. A normal user wouldn't know what the hell to do with a root shell without "googling" any way. There is no "intuitive" way to use the root shell so it doesn't make a big difference that it's not "intuitive" to enable it.

                And rebooting my system is not my fun of doing things, but that is Just Me perhaps.
                You only need to reboot if you have messed up your sudo access. It's hard to imagine anyone would get into a habit of doing that (at least frequently enough for it to be annoying.)

                1) A root user is an exploitable mechanism.
                2) You can lose the root password.

                There are NO OTHER DRAWBACKS.

                1) Granted, this can be a security risk.
                2) No biggy since ideally you will still have sudo rights to your regular user ANYWAY.
                That's a fairly good assessment of the drawbacks...it's not the whole picture (for example, with the root account you lose the auditing capabilities of sudo), but a good guideline.

                However:

                1) Logging into root is a lot faster if you need to log in at a TTY
                2) A regular login session will always start X with the default user the user uses. ;-). Haha. So from there, it is always "sudo su."
                3) Hence, the root user is only used at a TTY (in that sense)
                4) Sudo -i or sudo -s will give exactly the same rights as sudo su.
                5) There is no difference in the modification threat to the system.
                6) Sudo SU is still possible even with a locked and deleted root password.
                Of these, only the first one is somewhat of a (small) benefit, all the other "benefits" have nothing to do with whether you have root account enabled or not.

                And how that will hurt the popularity of Ubuntu.
                Quite frankly, I don't give a damn about the popularity of ubuntu. Not my concern or my responsibility...I use what works for me and encourage other people to do the same.

                You don't need to tell or "ensure" people to learn something.
                Nor did I say so. I said people will probably learn something. Something that you said is important.

                Who are you to tell another user when he's been stupid?
                I'm calling them as I see them, there are basically two ways this could be done by the user, both of which are stupid (in my book):
                You remove your sudo access without knowing how to get it back --> stupid
                You run a command/program/script without knowing what it does and how to recover --> stupid

                The system can mess up as well. You are being protected against any kind of failure by having a fall-back mechanism.
                True, but you have a fall-back mechanism even without enabling the root account. And this is again the "safety blanket" argument you said you never used.

                Comment


                  #23
                  Originally posted by bweinel View Post
                  I'll bet that makes hoisting a beer rather difficult as well...

                  Hopefully it won't be a long term issue.

                  cheers,
                  bill
                  Hey, I still have my left hand

                  Comment


                    #24
                    I suppose, this thread is on "Pre-Release Testing" and not about be root or not.

                    Most don't want be root, and those who want to be, it is just sudo su away. I have no idea what xennex81 wants in Pre-Release Testing.

                    kubicle Quite frankly, I don't give a damn about the popularity of ubuntu. Not my concern or my responsibility...I use what works for me and encourage other people to do the same.
                    How true!
                    Last edited by Chdslv; Apr 18, 2015, 03:48 AM.

                    Comment


                      #25
                      Originally posted by Chdslv View Post
                      I suppose, this thread is on "Pre-Release Testing" and not about be root or not.

                      Most don't want be root, and those who want to be, it is just sudo su away. I have no idea what xennex81 wants in Pre-Release Testing.
                      Granted you have a point there. Let's say there is no benefit in putting it on any other forum because it will drown in the madness anyway ;-). The only way to get the point across even a small bit is to put it into some non-persistent forum (from that point of view) and for people who are interested in educating other users perhaps. So the target audience of my post may have been those who like to have an opinion on the subject. And it was a warning against the general audience, but mostly directed at those Who Know or who are here anyway.

                      How true!
                      Still not true ;-).

                      I'll respond to the other post later (or after).

                      Comment


                        #26
                        Originally posted by xennex81 View Post
                        Granted you have a point there. Let's say there is no benefit in putting it on any other forum because it will drown in the madness anyway ;-). The only way to get the point across even a small bit is to put it into some non-persistent forum (from that point of view) and for people who are interested in educating other users perhaps. So the target audience of my post may have been those who like to have an opinion on the subject. And it was a warning against the general audience, but mostly directed at those Who Know or who are here anyway.
                        General audience doesn't need root, or even understand what is root--all they want is to use the computer, click yes to updates and never to tinker--only few of us wants to tinker. Its better the user is just a user with certain things to play with, changing backgrounds, themes etc. Some even don't want that.

                        Still not true ;-).
                        Its very true that everyone should use what they need, not others tell them. That's why there are umpteen amount of Linux distros, FreeBSD distros, iOs, Windows and even Android.

                        Do you have any problems with Kubuntu Vivid? I have some, but I'm going to wait, even though there is a Final Freeze on from yesterday. If you have any problems with Kubuntu Vivid, put it on, someone would reply and I'd learn too.

                        Comment


                          #27
                          Originally posted by kubicle View Post
                          That's all in your head, I'm not telling you (or anyone else) what you (they) should do.
                          Nor was I.

                          I fail to see what is wrong with that, from my experience many (or at least some) people like to get a warning when doing something that is potentially harmful...no one is preventing them from doing so regardless.
                          And there are also many people who are habitually scared by .e.g. virus selling companies (anti-virus selling companies) and other tech companies that have a stake in scaring people in order to sell more services. Even my father is scared of viruses and he has never used a computer, but it is what people tell each other. I like to put a bit of sensibility and madness (or rather sanity) into it.


                          Nope, that is generally not the reason. I'm a developer and I don't think I always know better than other people...but I do, however, claim that I know better what I want...and I develop software that I myself would like to use. (If other people like that as well, that's great...if not, that's also great). That being said, I'm of the opinion that developers generally do know better than random people on the internet.
                          I am not a random people on the internet, I am a developer myself. Rather, developers are often enclosed in a very limited mindset that is not at all the mindset of the people they are dealing with, or that their software is dealing with. So the statement that you have all that it takes to know what a user wants because you are a developer, is pertinently false.

                          No one is saying you can't voice your opinion, we (well I, can't really speak for the others) just don't share your opinion and are voicing our own (are you the only one who should be allowed to voice your opinion?)
                          Nope, but generally I am not telling people to shut up (like they do in IRC) out of a jealousy because someone is having more fun than they are. I have had it (so) many times before. A person in a position of authority comes in and shuts off a conversation for no apparent reason whatsoever except that he can kill the conversation with it. Cost me a contact with a nice girl lately. Only opportunity to meet her, guy comes in and shuts off the conversation because supposedly he needs to end the lunch. That had already ended. So the conversation moves elsewhere and I have my own plans for the day so I cannot chase them or go after them, it would be ridiculous. Same happened on IRC when I just came in, Lordievader shuts off a conversation I have with a new-met-friend and we never pick up the same conversation again. Opportunity lost. I guess that sounds kinda depressive, but jealousy creates grief, and I am doing something of the same now (by mentioning his name). People in positions of authority are generally bored to death because they have to preside over people when they'd rather do something else. Or, they'd rather be talking to the person themselves. Or, whatever. Whatever.

                          I certainly don't speak for (or in defense of) Canonical, in fact I don't particularly like Canonical, I've referred to Canonical as a cancer in the linux ecosystem. For every good decision Canonical makes they make two questionable ones and four bad ones. Not enabling the root account just isn't one of them.
                          That can be had on its own merits, that argument.

                          Umm...didn't you say Canonical has made a bad decision by not enabling the root account...and that a root account would be a safety blanket against when a user inadvertently locked himself out of sudo access? If I read too much into what you posted, I apologize for misunderstanding and you can disregard my comment on the subject.
                          No, I said I'd warn people against following their advice not to enable it. It was not about being disabled by default. It was about scaring people so much and they don't dare enable it even if they want to. So it was not about the basic configuration or the base configuration. It was about the choice to scare people. To try to prevent them from doing what they want, which is (or could be) to enable it.

                          But you really do not need to enable the root account to access the root account. So this isn't really relevant.
                          Then it is about handiness, having a backup, or a backup plan, versus the dangers of exploitability, mostly.

                          Actually, I would argue that while that may be true for some people, you're once again projecting your own opinions on the matter to all users. There are certainly users that don't use computers just because it's joyful, and also users that care for safety over anything else.
                          That's true, and using Linux is not always a joy (but it could be, or it would be for some or many) and safety can be important but personally, in between many things, I've lost more opportunities using faulty software in Linux than in anything else. Apart perhaps from Evernote and its ridiculous android-app-bugs. I simply do not consider it a thing to use if you care all that much about the safety of your data or your creations. LibreOffice can do weird stuff, Calligra is terrible, and that is mostly what people use to write (unless on the web, which means obviously there may not be any local files). Now if safety is only the root account... well, I consider that overblown.

                          I've never had a hacked system in all of my years. I'm exposed to a certain bug in a certain device, but I think it's all good. There are barely any viruses on Linux. I run a risk (with that thing) and that is the Synolocker threat if you need to know. They run freaking Apache as root.

                          It is said that most attack vectors arise from user actions. Not being penetrated without user action. It is software that opens ports from the inside. Not existing ports or services being exploited. For the ordinary user that is targetted by mass-exploits. A root-account-hacking deal is very difficult because you need to do it individually for every user. Who is going to do that? There is no benefit to that almost. So it is overblown, it is massively overblown. Since there is no difference from a safety point of view between a root login and a sudo su, what's the difference really, and the real threat? So we can see how the security risk is massively overblown.

                          Scarcely anyone is interested in targetting random computers with dictionary attacks, I think that much I can say, and a regular password that is slightly more difficult will not fall for that. It is easy to defend against by a simple firewall rule, probably. Something that blocks repeated and incessant logins. More than 100 failed logins from a single source? Timeout. It is not all that hard, although perhaps hard to configure rightly.

                          Your phone does it. Entering passwords takes time. Almost impossible to brute force.

                          So... perhaps you've also started to believe this hype about being hacked or infected. But it is hyped, I can tell you that. The risks are not so great. You are too obscure to be a target and most attack vectors are nonexistent from a password-less point of view. And if they are, they surely won't so easily be found in just SSHD.

                          Again, you don't need to enable the root account to be a "power user", whatever that means for anyone.
                          That's your personal point of view, and your personal perspective on that, but apparently you are using your personal feeling to prove a point that no one else should want it either. Again, like in the other thread, what are the reason against it? Scarcely any, and basically none. User may forget the password? Come on! User may write it down and it will be insecure? Come on! What the **** really? Are those the threats? That a newbie Linux user writes a ****ing root password in a dictionary file or, more likely, on some paper address book or whatever, and his wife is going to see it and be able to see his emails to his other spouse?

                          Ridiculous. Those are not ingenuous reasons. The real reasons are different, and they have to do with company policy whether you know it or not.

                          That doesn't make much sense. A normal user wouldn't know what the hell to do with a root shell without "googling" any way. There is no "intuitive" way to use the root shell so it doesn't make a big difference that it's not "intuitive" to enable it.
                          Point proven WRONG. I myself am a reasonably advanced user and I did not know how to do it. I was offended by the fact that this obvious thing was never presented to me. I had no idea you could lock an account by randomizing the password (as I just witnessed, that it was like that) or deleting it. The help file (man page) even says that to lock it you have to put the timeout to 1. What the ****? is that locking an account? There is no good way to lock an account even. Theoreticaly, those -dl accounts are not locked, they just have a password that no one knows.

                          So BASICALLY YOU are saying that YOU have no reasons to enable it to become a "power user" but that doesn't mean that your experience (or thought about it) is shared by anyone (or even many). You keep saying that I generalize and project (my words) but you are doing the exact same thing, if not much more. Why so jealous? If someone wants a thing, why not do it? Why must there be "GOOD REASONS" for wanting it in any case? In the first place? Why must you agree with their reasons before they can do it? There are no reasons against it. Now you are looking for reasons for it, but the user already has them (or at Least I Do, now I am projecting a bit). I find that in general the crowd in the OSS world tries to dissuade more than it tries to enthusiasm. To enthuse. Anything you do that falls out of line is dissuaded.

                          Suddenly you have to demonstrate WHY you want to do a certain thing, to provide reasons for it, even if no one else is affected by your choices than you. Suddenly you have to justify your choices even if you are the only one doing it, and no one else should care. Not in that way.

                          I was just arguing against something (scaring people) because I feel it is harmful. You don't want to scare people even more than they already are. Even Vinny just expressed that sentiment in this thread. "Oh no, what If I Do The Wrong Thing?" This sentiment is espoused and strengthened by such "warnings". You want people to feel at ease, not be scared. Don't make such a big fuss about it. I'm making a big fuss about people making a big fuss about security for ordinary novice users ;-). Cause they are not made to feel at ease. I am not talking about the default setup, again, but about the attitudes. I wish to change them, if in any way possible, at any length or in any mode of living during the years. I have a stake too. I too want Linux to be successful. Otherwise I would not use it of course. I too am pedantic in some ways.

                          I just feel a hands-on experience is the best thing you can have and we agree on that. But scaring people does not foster or allow that. I guess I'm doing the exact same the other people are doing: trying to say what would work best for a novice user. Well, let's just see our reasons then. I just don't want people to be scared (or get scared) but it also arises from a sentiment that I feel treated as a child by those attitudes. I feel as if I am treated BY a child. As well. Only children treat other people "as children". ;-).

                          That is a bit insultful I guess.

                          I personally just DO NOT like being spoken to like that. In this condescending nature, that I can't make my own choices and I need to trust others on their word, even when they are providing scarcely any good reasons or any sufficient information, or without any good takes on both sides of the argument. I feel I am being treated like an idiot because the truth is not presented to me because I cannot handle it, or could not or would not be able to handle it. I feel disrespected in my intelligence by that document, and I am sure everyone is feeling something of the same, whether they realize it or not. Also a bit of projection, I did not ask them.

                          So, my question then is: how do YOU feel while reading that document? You yourself? I am talking of the sudo versus root thing of Ubuntu. That was linked by Vinnywright in the second post to this thread.

                          You only need to reboot if you have messed up your sudo access. It's hard to imagine anyone would get into a habit of doing that (at least frequently enough for it to be annoying.)
                          I'm just lazy ;-). And I don't like going into recovery mode. It could be two reboots. I'm lazy, like I say. I am sure everyone is :P :P :P :P :P. I wanted to get on without rebooting, and I was able to because I had access to my root account. That is just the gist of it. Just personal stakes. I had activated my root account looong before. In fact, it is the first thing I do. I guess I had read about how to do it, or looked it up. Just the fact that there is no root shell during the installer (unless you do sudo su from a live session) in recent Gnome Ubuntu and also in Kubuntu I believe messes up my install goals because I cannot activate a LUKS setup. That is one thing i need a root account for and it is a gripe. I hate it. Why the hell turn it off if there is no risk to it because any ordinary user would never press alt-f2 or ctrl-alt-f2 to get a root shell to mess stuff up using commands he/she doesn't know? Why this... parenting style? It is so patronizing. I hate being patronized. Just let me do it by myself. Let all children do it by themselves. It is how they learn. I learned this stuff when I was 15. That is 18 years ago. Or even before, I started programming when I was like 10. Or 8. I don't know anymore. I learned everything the hard way, but also because I had no friends or access to the net (BBS etc.) in that period. That would do the same stuff with me. No one had modems where I lived. Even when they had long been there.

                          I went to a computer shop in Amsterdam to buy a freaking Linux DVD set, it was a developer DVD set even. It had installs ... wait... CD set. It had installs of Slackware, Red Hat, SuSE, and perhaps also Debian. 6 CDs. I went to Unix meetings where boring people sat behind their computers not talking to anyone. I didn't have a computer with me because I didn't have a car (obviously) and there were scarcely laptops (that I couldn't afford). I had no modem (only a win-modem) so I could only go on the net in my dreams.

                          That's a fairly good assessment of the drawbacks...it's not the whole picture (for example, with the root account you lose the auditing capabilities of sudo), but a good guideline.
                          I myself have never used the audits though. Probably also a personal perspective. It just doesn't do it for me or add all that much. It is another thing you need to know, where those logs are and how to use them. I didn't know they existed either. I just learn stuff by seeing someone do it as I try to achieve the same. I usually find by exploring. I scarcely read documentation these days except when I need to (so I dig through man pages a lot). I sometimes go and look for the other docs (/usr/share/doc/) but it is not always helpful. What remains then is the web. Which you only do when you have a reason to find something. It is a bit of a confirmation bias. You never read stuff you are not looking for (or hardly) so you cannot be presented with stuff you didn't know (or didn't know to look for). Except when I let myself drift and peruse some more manpages for the heck of it. But generally I am more concerned with the bash shell not retaining and integrating my commands across the various sessions. I sometimes go through 6 different shell windows to do a CTRL-R to see if the current shell has a history of my command. That is not always a sudo of course.

                          I cannot find any audit log and it is not mentioned in man sudo. ..... It is something you need to activate, right? Then why is it relevant for novice users?

                          However:

                          Of these, only the first one is somewhat of a (small) benefit, all the other "benefits" have nothing to do with whether you have root account enabled or not.
                          Aye, the other ones were the lack of drawbacks ;-). So it is personal, so what. That means the choice starts being either/or. It is not strongly in favour of either. Personally I would *always* advise *anyone* who is even slightly in the position of a desktop user to enable it. "You'll thank me for it later." It is just security. And trust me, I feel that my take on what constitutes a real threat for an ordinary user is a bit more in line with reality than this "you will get hacked" stuff. I deal with "regular folk" constantly and I have no one in my life who is a computer programmer or anything of the kind (except some user on Kubuntu IRC). I used to have a friend, and that was the only one. In the past, I had some friends who did the same thing, but mostly (after elementary school) isolated from one another. Of course, I studied... something IT. And I was surrounded by nerds. And I left them, because I cater more to girls. Women. Alpha studies. I was not into learning bridge and being national champion. I have old friends who are coders from University. But I am not in touch. i am as much Alpha as I am Beta in my studies. I studied philosophy, psychology and Japanese culture and language.

                          I deal not with programmers on a daily basis. Neither with computer users even. I talk to teenagers. I deal with presentation issues. I make a website. I try to run away from my life, or find a new one. I want to travel. I am psychotic. I am manic. I am mad. I am sober. I am relentless.

                          I watch anime. I read Japanese now and then. Scarcely, bits of it. I get convicted. I steal time from 15-year old girls. I am stupid.

                          Anyone in MY vicinity would be better off having a root password. But perhaps that is because they have me around. I can expect that some in isolation from my way of doing things would have a different set-up. Since when I'm not around, they'd have to depend on other people with different mindsets who might not be willing to help if they deviated from the norm. It is all interrelated, it is all connected. I just espouse my views and go with what works should I have my way. You can espouse yours. But it also depends on whether the person thus helped (or not) can expect your help later down the line.

                          Or mine.

                          For this reason I am (or was) just gently suggesting that maybe a different outlook on life would help. I was saying there is a tradeoff and I feel the tradeoff works in favour of not following the Advice of the Ubuntu Crowd at least when I'm around (since I am speaking to you and I can defend my views). I cannot be reckless, but no one here is going to heed my words if they don't agree with it.


                          Nor did I say so. I said people will probably learn something. Something that you said is important.
                          But they have no need to learn something. And letting someone learn something is not a reason for them to be doing that, if there are no other reasons (that fall in line with what they want to do, ie. creative). Schooling is idiotic if it is just repeating things other people have done a thousand times before and you can throw away the results after. People should be (that is my opinion) persuaded to go after their own goals. Learn when they want to, but not because someone else feels they should "learn" something in a painful way.

                          That is just my opinion, but I bet you disagree... not entirely.

                          I'm calling them as I see them, there are basically two ways this could be done by the user, both of which are stupid (in my book):
                          You remove your sudo access without knowing how to get it back --> stupid
                          You run a command/program/script without knowing what it does and how to recover --> stupid
                          Then I must be the stupidest person in the entire world, because I do stuff without knowing how to recover all the time (I call it "git" but I use backups for that :P ) but no one can be expected to know everything. A help file can be misleading. You cannot expect perfection from anyone, or they'd not be needing to learn anything, right. There would not be any call to get better or whatever. You cannot expect people to research every step they take even if it is a minor one.

                          In the case of usermod -G (that was just the only tool I had in my arsenal) I just read it real quick and I had thought I had used it before successfully. The change is only apparent after reboot. I did know how to recover. That is all. I know myself a little so I have placed in my arsenal a way to recover: the root account.

                          See how it all fits together? :P.

                          LOL LOL LOL LOL. How is it stupid to be able to anticipate the riot of your own failings?

                          And if stupidity is a blemish then perhaps we should all be prevented from dealing with it in the way that we want, but if it is not, then perhaps there can be reasons to deal with it the way we want.

                          And in my case I do so many things and I work so fast that I spend time providing fail-safes to my own mistakes.

                          I just know how I will do a certain thing so I know in advance what conditions not to create for myself, because they would result in disaster. Call it disaster management.

                          Thank you for the self-awareness.

                          True, but you have a fall-back mechanism even without enabling the root account. And this is again the "safety blanket" argument you said you never used.
                          No, I said I never used it to argue that the default should be changed for everyone. (BECAUSE I DON'T EVEN want the default to be changed for MYSELF) (which I said right at the beginning!!).

                          Comment


                            #28
                            Originally posted by Chdslv View Post
                            General audience doesn't need root, or even understand what is root--all they want is to use the computer, click yes to updates and never to tinker--only few of us wants to tinker. Its better the user is just a user with certain things to play with, changing backgrounds, themes etc. Some even don't want that.
                            Personally? I feel this general audience shouldn't be using Linux.

                            Its very true that everyone should use what they need, not others tell them. That's why there are umpteen amount of Linux distros, FreeBSD distros, iOs, Windows and even Android.
                            Flies in the face a bit of this "it has to be easy" thing.

                            Do you have any problems with Kubuntu Vivid? I have some, but I'm going to wait, even though there is a Final Freeze on from yesterday. If you have any problems with Kubuntu Vivid, put it on, someone would reply and I'd learn too.
                            I already had a bug fixed. It was in the live session of the installer. Screen would lock with no way to recover. There was a change in the plasma configuration between 5.2 and 5.3 and a new option was needed that was not added yet.

                            Comment


                              #29
                              xennex81 I'm just lazy ;-). And I don't like going into recovery mode. It could be two reboots. I'm lazy, like I say. I am sure everyone is :P :P :P :P :P. I wanted to get on without rebooting, and I was able to because I had access to my root account.
                              Hmmm...time you move to Windows. Nothing to tinker with.

                              Actually, I think you are just lonely. I never read such a long post before. This place is to find help on Pre-Release Testing, not for rants. If you have no problems with Kubuntu Vivid, let it go. Calm down.

                              Comment


                                #30
                                Originally posted by xennex81 View Post
                                Nor was I.
                                You've been doing that repeatedly: "Canonical should not warn people of enabling the root account (because I don't like that)", "people should be nicer to me on IRC (they are just jealous)" etc. The sense of entitlement is rather off-putting. Which is the reason why I will be done with this thread after this post. I also don't like lengthy posts, but this is of course not your fault. I'll gladly discuss other topics with you, but I'm done with this thread.

                                And there are also many people who are habitually scared by .e.g. virus selling companies (anti-virus selling companies) and other tech companies that have a stake in scaring people in order to sell more services. Even my father is scared of viruses and he has never used a computer, but it is what people tell each other. I like to put a bit of sensibility and madness (or rather sanity) into it.
                                I don't see the relevance.

                                I am not a random people on the internet
                                Everyone is a random people on the internet (including myself). You do the work (or pay for the work), you get to decide. No one owes you anything whether you are a developer or not. You can voice your opinions, no one needs to listen (or agree).

                                So the statement that you have all that it takes to know what a user wants because you are a developer, is pertinently false.
                                Never said anything like that.

                                Nope, but generally I am not telling people to shut up (like they do in IRC) out of a jealousy because someone is having more fun than they are.
                                Can't really say anything about IRC, I've used it maybe three times in my life. But comments like "out of a jealousy because someone is having more fun than they are." just make you sound like a crackpot (which I don't think you are).

                                That's your personal point of view, and your personal perspective on that, but apparently you are using your personal feeling to prove a point that no one else should want it either.
                                Actually, it was the other way around. You implied that one needs to enable the root account to be a power user ("because someone decided that you should be dissuaded from being a power user"). No one is dissuading anyone from being a "power user". One can be a power user without enabling the root account, I certainly can (never said that this is the case for everyone).

                                Point proven WRONG. I myself am a reasonably advanced user and I did not know how to do it.
                                If you say so. But I didn't say you'd necessarily know how to do it, I said normal users are capable of googling for the info (or ask on a forum) if they need it.

                                I was offended by the fact that this obvious thing was never presented to me.
                                Seriously? Offended? And that isn't your problem?

                                Theoreticaly, those -dl accounts are not locked, they just have a password that no one knows.
                                I don't know where you got that, as it is incorrect. The -l option disables an account by changing the password to a value which matches no possible encrypted value. it's not a password that "no one knows", it is a password that cannot exist.

                                So BASICALLY YOU are saying that YOU have no reasons to enable it to become a "power user" but that doesn't mean that your experience (or thought about it) is shared by anyone (or even many). You keep saying that I generalize and project (my words) but you are doing the exact same thing, if not much more.
                                Nope, you are not reading what I'm saying. I've just pointed out your generalizations. I'm using myself and my opinions as an example why your generalizations are not correct, not once have I said that everyone either should or do share my opinions. I'll give you an example if that is confusing:
                                You: "And they (the developers) do this because they think they know better than those other people." (so you're basically claiming that all developers think they know better and that is the reason why they do things)
                                Me: "I'm a developer and I don't think that (and that it isn't the reason why I do things)" (I'm not saying that all developers think or should think like I do, just that you are generalizing your opinion of developers and that generalization does not extend to me).

                                Why so jealous?
                                That's just sad...and weak.

                                Suddenly you have to demonstrate WHY you want to do a certain thing, to provide reasons for it, even if no one else is affected by your choices than you.
                                When you claim to know what other people should do, people are going to expect reasons for it. If I had said to you that you shouldn't enable the root account (note that I haven't done that), you would probably expect me to give you valid reasons for not doing so. You might even wish to question my reasons and give me your own reasons why you should (this is basically what I and others on this thread have done).

                                I personally just DO NOT like being spoken to like that.
                                So, my question then is: how do YOU feel while reading that document? You yourself? I am talking of the sudo versus root thing of Ubuntu.
                                It's just a document...It's not written to anyone in particular (like you or me). I really don't feel one way or the other, they aren't telling me personally what to do. They have just written a document they think best serve their target audience. It's not a personal insult against me, you or anyone else.

                                I'm just lazy ;-).
                                That's all fine and good, so am I.

                                I myself have never used the audits though. Probably also a personal perspective. It just doesn't do it for me or add all that much.
                                Of course, we all have our needs and preferences. Doesn't mean it's a feature that doesn't matter (It might be extremely useful for some) and wasn't saying it was important for everyone.

                                I cannot find any audit log and it is not mentioned in man sudo. ..... It is something you need to activate, right? Then why is it relevant for novice users?
                                sudo logs commands to /var/log/auth.log (through the syslog daemon), it doesn't need to be enabled. Novice users don't need to know about it, it's a feature they can find if they happen to need it. And even if some people can't find it, it doesn't mean the feature is useless.

                                Personally I would *always* advise *anyone* who is even slightly in the position of a desktop user to enable it. "You'll thank me for it later." It is just security.
                                Yeah, that's the difference between us. I don't give general advise on the subject to you or anyone else, because people have different needs and preferences. Enable it, don't enable it...it's all the same to me.

                                but not because someone else feels they should "learn" something in a painful way.
                                How is going to the recovery mode "painful"? Just because you would have preferred to do it another way? You yourself might prefer one way of doing things (and that's fine), but that doesn't mean other ways are wrong (or "painful").

                                Then I must be the stupidest person in the entire world, because I do stuff without knowing how to recover all the time (I call it "git" but I use backups for that :P ) but no one can be expected to know everything. A help file can be misleading. You cannot expect perfection from anyone, or they'd not be needing to learn anything, right. There would not be any call to get better or whatever. You cannot expect people to research every step they take even if it is a minor one.
                                I didn't mean you or anyone else is stupid (smart people do stupid things all the time). And if it's your philosophy that you dive into things head first and learn by doing, I wouldn't call that stupid either (your life and your machine, who am I to argue with that), but you can hardly blame the system if you manage to mess things up either (or tell other people that they should change their system because you managed to mess things up).

                                In the case of usermod -G (that was just the only tool I had in my arsenal) I just read it real quick and I had thought I had used it before successfully.
                                I generally prefer "adduser <user> <group>" to add a user to a group, no ambiquity there.

                                No, I said I never used it to argue that the default should be changed for everyone. (BECAUSE I DON'T EVEN want the default to be changed for MYSELF) (which I said right at the beginning!!).
                                Duly noted, I read too much into what you said.
                                Last edited by kubicle; Apr 18, 2015, 02:31 PM.

                                Comment

                                Working...
                                X