8 Jun
2009
8 Jun
'09
12:15 p.m.
On Mon, Jun 08, 2009 at 10:14:24AM +0000, Andy Smith wrote:
Hi Adam,
On Mon, Jun 08, 2009 at 11:03:47AM +0100, Adam Spiers wrote:
Interesting page, thanks for the link.
Based on what I've seen on this list, it looks like most of your
customers are experienced administrators who are well aware of the
dangers of root. I don't believe there is anything special about
Ubuntu that makes direct root access any more dangerous than on other
distros; it's just that Ubuntu is the distro most often used by Linux
newbies, so in that light their sudo-based approach makes sense.
The thing which interests me most on that page is under the
"Misconceptions" section:
I won't be able to enter single-user mode!
* The sulogin program in Ubuntu is patched to handle the default
case of a locked root password
This doesn't explain what happens if your root filesystem is hosed
badly enough that it requires a manual fsck before it can be mounted
read/write. In that case it always prompts for a root password,
right? How are Ubuntu users expected to deal with that?
(Incidentally I'd never thought about this before, but I'm guessing
that mkinitrd mirrors /etc/shadow into the initrd to avoid a catch 22
here?)
Andy Smith (andy(a)bitfolk.com) wrote:
Ubuntu says bad things might happen and hints that it's unsupported:
https://help.ubuntu.com/community/RootSudo#root%20account BTW this sort of failure mode (breaking sudo) is
something I dislike
about Ubuntu's stance of not having a root password. sudo will also
break if you screw up the permissions on /var or /var/run.
Any reason why you can't just run 'sudo passwd' straight after every
fresh install of Ubuntu? I'm 99% sure that's what I did (it's been a
while though).