Re: FAQ: Root Password

I believe it was the editor, and I definitely wasn't redirecting a sudo. It was a read-only or write-protected error, I forget which. Working on gnome I was definitely out of my element, though, so perhaps something else was amiss. The old method I had always used for enabling root wasn't working. I thought maybe it was gnome-specific since I had never seen Kubuntu do that, but when I later installed Kubuntu Karmic I also had problems with my old enable-root method, and had to devise a new one. Though I don't remember all the details there either - that was way back with one of the alpha versions of Karmic. I just assumed they had changed something in Karmic, updated my enableroot script, and moved on. But I agree that I now can get no editors to behave that way, so I'm somewhat confused. Then again, the only systems I'm trying it on already have root enabled or aren't running Ubuntu.

Yes that's what I meant - I prefer to open a root shell and rarely find the one-off sudo commands useful. The only exception to that are aliases that I use, in which sudo enables me to use the same alias as both root and user.

I realize everything can be done on Ubuntu as is. I just don't find much usefulness to the roundabout approach. I suppose it stops people from logging into their desktop as root. But in other areas I believe it weakens security and is a nuisance. Just my view of it all.

Re: FAQ: Root Password

I must be missing something but I logged into KDE as root for the last 5 years on Debian and I have never had any problems. Why is there so much controversy about this? These are PC's not servers - if someone screws up their computer that's their business. If you were logging into a server owned by someone else that's a different story.

Re: FAQ: Root Password

I honestly don't know if the KDE folks recommend against this or not. By logging in as root, everything you do is done as root, so you lose the protections of the root/normal user division.

I agree fully - that's what I basically said in Fear Not Root. Also, root does not offer as much protection to a PC user as many people like to imagine, as I explained there. At best it protects the least valuable and most easily replaced data on your PC.

I think sandboxing is a far better security model, and that's something I want to look into. Even Microsoft sandboxes IE in Windows7 (from what I've heard). Linux is behind the times there, relying on the false 'root protects all' concept.

Re: FAQ: Root Password

Good article

Re: FAQ: Root Password

No kidding. I had no idea that scripts with sudo commands could be run without the password, and so easily! Thanks, Rog!

Re: FAQ: Root Password

Entirely possible. But all those years in debian and you never ran into this discussion before?

If you did, how about offering your opinion on why it would be beneficial to do so (as to why recommend it to everyone or that it should be a distro default, which is what is being discussed here)

What controversy? No one is telling you what you can or cannot do on your computer. But distributions are not created for you (unless perhaps you make one yourself). Distributions are created to fit a lot of people. People who have multiple users on their computers, run servers or server software on their PCs. People who have kids and pets that like to mess with the keyboard. People who ran experimental software or scripts written by others. People who operate their machines when tired or intoxicated, or who are simply bad typists. People who visit dubious web sites with their browsers. People who do not know much about computers (...you get the picture).

If you want to create a user-friendly distribution that almost anyone can use, it's reasonable to not set the defaults so that it is overly easy to shoot yourself in the foot. An expert user can create desktop shortcut to wipe all hard drives, but normally one would not put such a thing in the distro defaults. Note that you are completely free to change the defaults on your machine(s), or use a different distribution altogether if you do not care for the defaults.

Certainly true to an extent, but that is not that great of a motto for a "common man's distribution" (although I bet it would have a user base, it does have a strange appeal to it ).

@IgnorantGuru
Indeed, root/user distinction does not protect user data (although it can protect other users' data on the machine), but for malicious code to make the machine unbootable or hide what it is doing it needs root access. You can get your personal data back from backups, but the biggest threat is malicious code that can run on your machine undetected.

You also give sound advice when saying that scripts/programs that need/use root access should only be writable by root (common practice is putting them root owned in /usr/local/bin or /usr/local/sbin.../usr/local/bin is also a good place for normal user scripts that you want to keep "out of harms way"), but I don't really see how kubuntu (or it's defaults) prevents you from doing that.

In my experience people using kubuntu are not "afraid of root", they often use the root account daily. sudo is just another way of accessing root account.

And you are of course correct in saying that root/user division can not be considered the "ultimate solution" for computer protection. But it does make machines a lot safer than they would be without it.

For an "unbiased" opinion, you can ask on forum.kde.org or kde mailing lists if you wish.

Re: FAQ: Root Password

# Allow root logins?
# Default is true
AllowRootLogin=false

Funny how it says default is true but the distro comes with it set at false.

Re: FAQ: Root Password

While it may be true that many people share computers there must be someone who manages it and that someone should be able to log in as root without having to jump through hoops. If I have a linux box that I use as root and others with their own accounts what difference does it make? They cannot log in as root without the password and mess up the machine. It's even a pain installing debian because you have to create a user account during the install that I never use. This is the first time in my linux career that I have been using a regular account and I don't find it much different but at the same time, there is extra work being done in programming each time the user needs to do something that requires root privileges. I find it irritating and interferes with the flow of my work - but that's just me.

Re: FAQ: Root Password

Allowed != Recommended
(smoking is allowed but hardly recommended :P)
And there are other distributions with the same setting.

1. Why? (because that's what you want? should every distribution be the same in this regard? No room for different defaults for different mindset? should you be using something else?)
2. One can. (If one does not know how to change the defaults, one probably shouldn't)

You've misunderstood me if you think I only meant protecting the machine from local users (you can't easily protect your machine from local users anyhow, root account or not), but protecting the machine (including the other users and their data) from yourself, bugs, typos, pets, malicious code, acts of gods etc.

Maybe you don't need/want such protection, but the distro defaults are not set based on individual needs.

Understandable, but it's impossible to please everyone with any default setting.

Re: FAQ: Root Password

Very true. I was giving my opinion which you asked for about how I would like it. Did anyone do a survey and ask the users how they would like the default settings? I think these decisions are made by the people managing the distributions and they are based on what they think is best - not what the consumers would like. This is their prerogative - I am fine with that.

Re: FAQ: Root Password

The results of such surveys would certainly be interesting to see. But I'm not a big fan of creating software/disributions based on "consumer" polls, because:
1. It's hard to get a good sample of data (that is both large and varied enough)
2. Only a portion of "consumers" know enough to make logical choices (that would be affecting everyone), generally developers know more about these things than the average user.
3. Developers usually do their best job (and have the best motivation) when working on things that work how they want them to work.

The way "comsumers" enter the mix is voting with their feet. The distribution/software that offers desired features/functionality/user-friendliness/security will gain users and developers (and stay alive). Of course, the default settings are just one part of the equation (as they should be, since one can change defaults).

There will always be users with different needs/preferences or special use cases, that's why there are so many distributions (with different design goals and defaults) with a solid user/developer base.

Kdesudo future

https://lists.ubuntu.com/mailman/listinfo/kubuntu-devel
--> https://lists.ubuntu.com/archives/ku...ay/006059.html