[NTLUG:Discuss] DistroWatch 10 Most Popular Linux Distros

[Kenneth Loafman]

terry wrote:
> On Fri, Apr 3, 2009 at 12:01 PM, Kenneth Loafman <kenneth at loafman.com> wrote:
>> terry wrote:
> Why then does the user only have to do use sudo to set password for
> root in order be able to log in as root from then on?  Or until it is
> changed back... $sudo passwd root & and then $sudo passwd -l root to
> set it back and disable root login again.
> 
> But that little trick is not necessary in the first place because one
> only has to do
>   sudo su
> or
>   sudo -i
> and he/she obtains a root shell.

It was meant to discourage, not to disable, access to root.  Most users
coming from Windows would not know how to do that.  It's an interesting
example of security by obscurity.

> Some users, (especially novice users) may use a pretty weak password
> for their user account, which DOES in fact afford several avenues for
> admin priviledges. If they install openssh-server, how in the world
> that can be considered as a security enhancement is going to be pretty
> hard to explain, but I'm quite willing to listen if anyone would like
> to give it a shot.
> 
> That's the reason I say that it is a good thing that openssh-server is
> not installed by default.  I think it may have opessh-client installed
> but not openssh-server on a default Ubuntu / Kbuntu / Mint install,
> but one only has to do sudo apt-get install openssh-server and away
> you go - if you do not have a good firewall between yourself and an
> untrusted network you darn sure need a good strong password for user.
> In comparison, if it were a normal linux distro that has a good strong
> root password and (to go a step further) if sshd is limited only to
> user and not root  - (which in my opinion ought to be the default
> configuration), we must admit, we'll be a lot better off.
> I welcome any criticism or challenge to my assumptions, but at this
> point, I can't see it any other way.

I have to agree w.r.t. ssh access.  I think root access is defaulted to
off in Ubuntu's ssh server, but I can't remember.  I always check it
anyway.  If the user has a weak password, and he's admin, then there is
a security hole there anyway, but there would be one even if he did not
have admin rights.  All it takes is to have sudo privs and you're off.
Giving the first user admin rights is just a convenience.  Giving them
sudo rights is the security hole.

If you don't give them any rights, they'll just sign on as root and stay
there and we know that's bad.  So, where's a good middle ground?

> I must admit tho, that we sometimes need protection from ourselves.
> If someone is insane enough to log in as root and  use it as if it
> were a user account, well yes, they could initiate a GUI and get on
> the internet with the machine and it is just a disaster waiting to
> happen - and yes, I know, and X-MS user may very well do just that -
> even if they are instructed not to, and so in that way, yes, even I
> would have to admit that in that situation, a Ubuntu system is the
> only linux distro someone in that mindset should ever get hold of --
> Ubuntu is probably the best security someone like that could possibly
> have, because it protects one from one's self.  But as far as
> protection from the outside, there is no way [at this point] I could
> consider it  a valid excuse for disabling root and giving admin
> priviledge to the user.
> 
> And yes, I did - I stole your argument - I had every intention of
> letting you make it for yourself.... but just couldn't stop
> myself..... sorry.... I get to typing and the keyboard just carries me
> away sometimes....  :)

It's a hard choice in a distribution, and I'm sure Microsoft went
through some of the same arguments.  It's all a balancing act, user
convenience vs security.  Imagine a Windows user sitting down to a
highly secured SELinux or BSD system and imagine how long it would take
him to go back to Windows.  That, regrettably, is the decision process
the distro makers have to manage to answer.  Security is not convenient,
and convenience is not security.  It's all a tradeoff, and the tradeoff
generally made is to entice users to stay, thus convenience.

Every user we can convert is one more we still have to educate, and one
more chance to teach about security in general.  At the very least,
think of it as one less Windows system on the internet.

...Ken