Ubuntu developers are finalising preparations for the release of the next version – dubbed Feisty Fawn – of the popular Linux distribution in mid-April. Overnight, Ubuntu developer Tollef Fog Heen announced Ubuntu’s main software repository had been frozen – with no changes allowed to the code – as developers got ready to issue a fifth major test version (‘Herd 5’) of the next version of Ubuntu.
I have been looking forward to this for a while, I have been very impressed with Edgy And am hoping it gets better from here.
Does Ubuntu not use a ‘root’ passwd I installed it after using RedHat for years (now Fedora) and it stated to use sudo instead.
Maybe I need some insight or maybe I did not read the docs or something?
I am not really sure what you mean. Ubuntu does have a root user but you simply do not know the password of that user. It is encouraged to use the sudo command. (You still can change the password of the root user)
Ubuntu disables the root user (for logins) for security reasons by default. If you inisist on having a root shell, use sudo -i (i for interactive shell) and type in your user password.
Take a look at this page for additional information:
https://help.ubuntu.com/community/RootSudo
Also, if you insist on having a root user, sudo passwd root will set the root password and unlock the account.
Or simply cheat and do “sudo xterm”.
Also, if you insist on having a root user, take off your boxing gloves, climb down from the ceiling, get your head out of your butt and join the rest of humanity, sudo passwd root will set the root password and unlock the account.
Using sudo instead of a normal root account doesn’t do much for security at least not if, you like Ubuntu, have default settings that allow:
sudo /bin/bash
However, it is still very useful in large settings where there are many people that need to perform administrative tasks on the system as they can use their own password to gain administrative righs.
It is also possible to configure what each user is allowed to do and log who does what.
The point to using sudo is to guide users away from using root as their primary login – much like Windows users tend to use an Administrator-level account. OS/X and Vista take a similar approach.
The result is that more commands are run at normal privilege levels which increases the overall security of the system.
However, it is still very useful in large settings where there are many people that need to perform administrative tasks on the system as they can use their own password to gain administrative righs.
Oh hell yes.
The ability to delegate certain privilages to certain/users based on domains/machines is very very handy. Lets me allow some users to do some things on certain machines, and provides an audit trail.
Having root is also handy for getting access to machines that have fallen off the network (where you use a network based authentication service).
I do not like the way the Ubuntu community has locked down the root account as such. To me they are taking the control from the actual user and forcing them into a sheep like setting.
In RedHat you still have a root account and I like this option because it allows you to configure and the CHOICE to do what you want to do to the system. This is what aggravates me with Linux it is trying to emulate Windows why go this route. That is the beauty of Linux go your own way not to become some watered down operating system locked down with no options.
From – https://help.ubuntu.com/community/RootSudo
Enabling the root account in Ubuntu is neither supported nor necessary.
I will stay clear of Ubuntu for this reason, Fedora is correct for the staying the course of having a ‘root’ account NOT locked down!
Edited 2007-02-28 23:19
Umm, How are they forcing anybody to anything? A smart admin wouldn’t use root to do anything but the most critical of system administration. Not to mention if you are already Linux savvy you would have known to how to enable it the minute you boot into th system. Using sudo to do admin tasks is a GOOD thing. It gets the user into the habit of not using root for everything and login in as root to run one command that needs root privileges. The minute I saw this in Ubuntu, coming from Red hat, I thought it odd then I started to see how practical it was. Not every user remembers they are root when they run things, restricting it to single commands, or if you are smart, interactive mode makes it much easier for any user including experienced ones. This also lets a user do administrative tasks without remembering two passwords, all they have to know is their own password. Besides this is Linux, it works the same regardless of where it comes from, if you know what you’re doing then getting it to work how you like isn’t going to be a big deal. They can’t restrict you from doing anything the functionality is there. Its ingrained to the system.
Oh ok, let me guess if someone can’t remember a password then YOU have NO business working with system.
Second if you are performing administration you are logged in as root.
Lastly, why not just give blind root access like in Windows so the thing can become a big mess!
NO thanks I will stick with an Operating System that actually requires one to use their memory or brain power for remembering a password…
Edited 2007-03-01 00:38
No you are not logged in as root. What you said was the stupidest thing I’ve ever read. Ubuntu, OSX, even windows, require that you use a password to authenticate before doing an administrative task. Ubuntu uses the same password that you use to login, guess what so does OSX, the only one who is to stupid to do this is windows with the that wannabe gksudo crap that doesn’t say anything other than allow or decline. Being logged in as root means that you won’t get asked to authenticate when you are doing something potentially dangerous to the system, thats why running as root isn’t smart. Maybe you should get a job as an admin, come back and apologize. Though with an attitude like that you probably won’t get far.
Uh I do admin work and I have a root login in which I can remember the password.
So basically you are saying that not even God should be able to log in as root.
That is insane, YES I perform system updates at work with ROOT and the system has not crashed, self destructed or caught on fire.
Ubuntu is like electricity they are taking the path of least resistance.
Just a comment on the sudo vs root thing. I find sudo preferable for a simple reason, I am not the only one administering my servers. By giving a user limited (or full) rights with sudo I can simply disable their account without having to worry about changing the root’s password. This is sort of an important note so I will emphasize, by using the sudoers file you can give an account limited access to root functions, which is useful for an admin who needs some abilities, but who should not have root access to a system.
On Debian I disable all remote root access except through sudo, though I leave it active on local tty1-3.
If I am doing an extended set of actions as root I usually do a “sudo su -” to give me a root shell and work from there. Since I ssh around a lot “sudo xterm” is not as appealing.
Enabling root is not inherently better, and if you find you prefer an active root account it is hardly a complicated thing to activate.
I guess my beef with it is that why would they ‘dumb down’ system administration for if you are administrating servers or in a grid environment it defeats the purpose…
RedHat from X serires to RHEL Enterprise it is easier to use root for system admin work period. I can understand if you were giving access to say for instance to stop/start a process for support people or something else like that. But I cannot understand why Linux is going the Windows route on a lot of task. It just boggles my mind how everyone complains about it but then they emulate it to make it a copy…
Oh well, I am a Linux advocate and will continue to be since I support RedHat RHEL3/4 grid clusters at work. It seems to me they are trying to dictate like MS does with Windows is the biggest problem I see…
RedHat from X serires to RHEL Enterprise it is easier to use root for system admin work period.
RedHat from X series to RHEL Enterprise using root for system admin is less secure and NOT easier, period. For one you can get the same remote root shell by logging in as a unprivileged user then using “sudo su -” as I mentioned earlier, this requires an extra command and a password but otherwise is the same as sshing in as root. (Allowing ssh as root is not a smart thing to allow either for that matter.)
Next, sudo is not the “windows route”. The Windows route would be to allow an end user to run things as root privileges without prompting. Saying that sudo is the Windows route shows misunderstanding. sudo is a limited form of su, or do you think su is the “windows route” too?
To run anything as root using sudo you need to type in your password. Explain to me how this is less secure, or more “Windowish” than logging in as root to do admin, where everything you do and touch is as root. Using sudo your root priviledges are for the single command, that you have to type a password in for. Using root, you are root, for all commands, just like a System Administrator for Windows. Normally no one stays logged in as root, nor do they have privileges of root so security in POSIX is maintained.
Now to continue; grid, single computer, who cares? A grid does not magically make admin requirements different. Are you the only admin for these computers and do you have any staff rotation? Between VMs and physical boxes my office has about 17 active Linux servers and about another 12 test images that are up part time. This is not very many servers to maintain but I am not a full time admin, I am a developer who also takes care of the servers. We split the load across a couple of the developers. Now supposing we use root for pretty much anything, and one of the users leaves. We have to change root’s password outside of normal rotation. Further every time root’s password changes, multiple people need to be told what it is. Using sudo each of the admins who share responsibility for the server knows their own password and no passwords are shared across the whole. A developer/admin leaves, disable their account and you are done. (There is more done really, but that becomes a conversation of security practices in general instead of sudo and root.)
On any organization of decent size generally there is a rotating on-call available 24 hours a day 7 days a week. So right there you are going to have more than a single person who would need root access.
Can you explain to me how using root is better than sudo? I think I have shown clearly why in any situation but a user’s personal computer sudo has at least some advantages.
Disadvantages of [sudo] the person logged in does not guaranty that it is the actual user it just logs the events or commands they issued. They still have complete access to the system to modify system files ect… This seems to me more of a security risk or an open door.
As far as passwords go they should be expired after a more than 30 days. Security should be a top concern that is why I do not like this type of setup.
“Disadvantages of [sudo] the person logged in does not guaranty that it is the actual user it just logs the events or commands they issued.”
That’s true for any user and any setup, I don’t see what’s the difference compared to a root shell.
The basic idea is that it is more secure to do sudo cmd than su cmd, because for su command, you need the root password. In the latter case, it is easier to retrieve the root password (key logger, etc…). Also, using sudo, you can control much more what a user is allowed to do, eg you don’t have to give a user all the rights of root.
If you want more security than that, you should use more sophisticated systems (selinux, etc…). Using a root shell is certainly not more secure: it does not add security, there is no logging, and the root passwd can be intercepted through various malicious things.
Disadvantages of [sudo] the person logged in does not guaranty that it is the actual user it just logs the events or commands they issued. They still have complete access to the system to modify system files ect… This seems to me more of a security risk or an open door.
As far as passwords go they should be expired after a more than 30 days. Security should be a top concern that is why I do not like this type of setup.
0) root requires a password, sudo user requires a password…. Same password rotation requirements… How again is this less secure? Either way the attacker needs to get a password with the ability to have root access to the system. Any user who would have sudo access would be a user who would have the root password to begin with. How hard is it to understand that either way an attacker would need to penetrate an account and know/determine the password. If using rsa_id’s the attacker would need a physical file and two passwords for a sudoer, vs a file and a password for root.
1) root is a known account and it is common to attack that. pbuttercup is not a common account name though and would require knowledge of the system.
2) for remote access generally a rsa_id or a smartcard would be better than allowing password auth. Then an attacker would need to get the key/token first, then determine the password for the token, then once in determine the users account password. (This is an aside however in that it does not make the system more or less secure, this is more a comment on using passwords for remote auth.)
3) 30 days is too short, that is not security, that is silliness. That encourages users to write down passwords or rotate through a very small set of passwords, especially if you have multiple people who need to remember the password. Lock accounts that have more than 3 consecutive failures and increase the rotation to 120 days. (or better yet, do not allow remote password based access.) If you really need that tight of security use a smartcard or integrate SecureID (or equivalent).
I am sorry, and I do not mean to insult you, but you really should do some research on best security practices.
I repeat my question: Do you think su is the “Windows way”? Your argument is absurd in saying that allowing remote root is more secure than requiring a unprivileged user account to be penetrated where the security practices for both accounts are the same.
This guy really doesn’t get it!
A user is not automatically permitted to use sudo just because they are a user of the system. Other than the first user account created, you must give users the right to use sudo.
The other posters are attempting to educate you here and have given you excellent advise. You can choose to learn from their posts or not. It’s your choice after all.
The nice thing about sudo is that every command is logged inluding the username of the user running sudo. With a properly written sudoers file, you have full root command auditing, something you cannot do with a normal root login.
The other nice thing about sudo, is that you do not need to give out the root password, which is a *very* nice thing when you have multiple admins working on the same (set of) system(s). Again, it requires a properly configured sudoers file, but the time it takes to configure will usually be less time than it takes to change passwords all over the place when someone leaves the company.
You need to stop thinking in terms of “single system” or “single admin”. If you are using a standard root login to administer multiple systems, with multiple people, you really need to take a second, step back, and start looking at things from a “what happens is Joe gets pissed off and decides to take revenge when we fire him next week?” perspective.
There are plenty of things that bug the hell out of me about *buntu, but this is not one. It’s not a security enhancement, that much is true, but from the standpoint of usability it’s a great feature. User does not run as root regularly, but has access to root privs when needed so they can make system modifications and/or install software.
And lets face it, most folks I know who run a root-requiring system and don’t care about security tend to use a stupid password for their user (enter or “password” anyone?) and the same stupid password for root. Priv separation doesn’t make a damn bit of difference if every lock in your house, even the lock to the safe, uses a single easy to “guess” key (god I hate real-word analogies, but until we come up with something better, it’s what we have. At least it wasn’t a car analogy…).
Normally I wouldn’t say this, but your post is idiotic, and lacks any semblance of intelligence. Stop trolling.
You have a choice, the choice is for you to type sudo passwd root.
Obviously you don’t “need” the root account, or it wouldn’t be disabled by default. This is a pretty awesome security feature in my book.
Open a terminal, type “sudo passwd”, (without the quotes of course), then type your user accounts password.
Type a new password for root, repeat the password.
Now, open “Login Manager”, go to security, and allow root login.
Simple.
Will this bug be fixed in time?
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/67369
Stay tune.
Why is this news? why “a step closer to launching a product” is news?
If it is news after all,
why we did not get 5*365 articles in OS News about “Longhorn/Vista is a step closer to release”?
why are we not getting 1 daily article on every single Linux distribution under the sun?
I’m getting tired of “just because it says ‘ubuntu’ it’s news”. It’s downright annoying.
But we did get 5*365 articles on Vista.
Also, yes, this is news. If you didn’t think it was, why the hell would you click on it?
Not like it’s pushing other news out of the main page that hasn’t been there for over 24 hours.
Finally, just chill out.
I’ll settle it once and for all. It’s news because it was posted at a news site. Done. I do not want to hear this complaint again. If you don’t like it, move on to the next article!
So this year, there have been:
10 articles about Ubuntu,
and
over 50 articles about Windows.
So what are you talking about?
In the month prior to the Vista launch, there were literally dozens of articles on the impending Vista release. Meanwhile, I count only six articles about Feisty in the last month.
OSNews is quite balanced.
http://www.osnews.com/cloud.php
“Ubuntu developer Tollef Fog Heen announced Ubuntu’s main software repository had been frozen”
Is that really the developers name ?
I think we have found a good name for the next release. <-;
Edited 2007-02-28 19:06
Me: I’m running Ubuntu Tollef Fog Heen.
My Friend: [Stares and walks away]
Hmmn, probably a slow news day today.
First off, this announcement does sound a bit serious. I’ve seen jollier announcements detailing the launch of a North Korean missile test. Maybe a few Ubuntu devs could be shown waving alcohol containers, just to reassure viewers that this is Linux and not an international incident.
I’m also a little surprised that “Ubuntu developer Tollef Fog Heen” decided to make his announcement “Overnight” when most people are asleep and so will have missed it.
And A is called B; only knights are “dubbed”. So I guess this is a question now of “Arise, Sir Feisty”.
The article this announcement comes from goes on to say that some of 7.4’s original aims in the 3D arena at least have had to be scaled back. I guess this is a problem for any distro: only so much can be done in six months and there are only so many folks who can do it.
So long as 7.4 continues to make the solid incremental progress of all the other Ubuntu releases, folks should be well pleased.
I’d also be interested to see some analysis of the new Zenwalk release as this offers the new XFCE 4.4 in action.
“I and others do believe that 3D is an essential part of the modern desktop experience,” wrote Shuttleworth earlier this month. “It is difficult to buy a PC or laptop that does not include such hardware, and in terms of transistor count it’s almost as much as your CPU these days.”
That’s an argument. However, the mere fact that certain hardware is out there is not an argument in itself to start loading blobs. There was this thing called winmodems, the only way to fight it was to avoid it.
“However, when we reviewed the status of the free software applications that depend on that hardware functionality we found that they were not ready for inclusion by default in Feisty. Neither Compiz nor Beryl have the requisite stability and compatibility to be a default option in Feisty.”
Stability and compatibility.. all right. But how stable are binary blobs, and how compatible are they with free software?
Just a few questions..
I don’t have the illusion that anyone could stop Ubuntu from taking this road, but those that have made efforts to open up hardware specs will not feel terribly encouraged by all this.
Been testing Feisty 64 for the last couple of months and it is shaping up to be a very solid distribution.
There have been some issues though the development but the Devs have been doing a great job to iron out the bugs. All in all, Feisty is a marked step above Edgy.
Kudos to the Ubuntu Devs.
I am typing this from one of my personal boxes running Feisty Fawn. So far it has proven stable to me as well.
Everything works, though I need to do something about the fonts on this particular box, blech. Will have to figure out what I have wrong since it is the only Ubuntu box I have problems with the fonts on.
I hope the release a server iso this time though. For some reason herd 4 did not have one. I prefer to use the server iso then build my desktop from there since I do not like some of the package choices in the desktop iso (network manager…)
Me, I’m stuck with dapper for the simple reason that all upgrades simply fail. I guess that’s what the LTS stands for.
I installed Edgy (6.10) on my system recently. Here’s how it went, as a new user. I have a lot to say so I’ll do multiple posts
. I’ll start with my experience getting it installed and my display set up…
Installation:
-Popped the liveCD in, booted, everything working fine ff live CD. I run through graphical installer intalling Edgy in a primary partitions. Installation does not give any errors.
-I reboot (rather excited having got it installed)… and get: “Grub” : “read error”. Strange, there is definitely nothing wrong with my disk.
-I then decide to install Edgy in a primary partition on my other disk. Installation goes fine, no errors. I reboot and get: “Grub” , the system hangs with the word “Grub” on the screen.
-After numerous reinstalls, I finally figure out that the Grub boot menu will only appear if I install in an extended partition.
Display setup:
-I now have the basic system “working”. Everything is really slow. Graphics settings are “Generic graphics card” and “Vesa” etc. I download linux drivers from Nvidia, but the install fails because it “can’t find” libc. I decide to run an xorg config utility, which generates a new xorg.conf file. This file has my graphics card listed correctly. It can’t detect my mouse and has my monitor mode settings all wrong. I ended up manually merging the graphics card settings from the new xorg.conf file into the old xorg.conf. A half dozen reboots and tweaks later I have the display hardware accelerated, at the correct resolution, but the display is shifted to the right so that part of the screen is not visible.
-I eventually find a xvidTune (or some name like that) utility to run which lets me shift the display to the left. It gives me a cryptic string which I insert into xorg.conf, and after several failures to start X, I figure out that I need to use the ModeLine keyword, and this string of numbers for various vsync, hsync, refresh rates, and clock settings. I reboot and my system is working smoothly as it is now hardware accelerated with “nv” drivers.
It took me two days, but I finally got it setup.
Wow, you certainly are having an unusually rough time of it. Sorry to hear that. Was the display correct from the live cd? From the sound of it something is failing during install.
On the grub issue your diagnosis is incorrect. An extended partition is not a requirement so something. Next time try hitting the Ubuntu Forums and see if they can help.
Wow, you certainly are having an unusually rough time of it. Sorry to hear that. Was the display correct from the live cd? From the sound of it something is failing during install.
The display looked fine off the live CD, and after initial install. Only problem was it was very slow, defaulting to Generic VESA display adapter or some similar name. Hardware acceleration appeared to be nonexistant until I did everything manually. BTW using GeForce 6100 onboard.
Edgy is still better than the Ubuntu 5.04 install I tried a while back, hoary couldn’t even get X started to do the install.
Once I got Edgy up and running I had trouble getting additional software installed…
-The add/removed programs option wasn’t very useful for me. My Ubuntu system isn’t connected to the Internet, which means that connecting to an online repository isn’t an option.
-I have to download any additional software using Windows on another system, and copy the files across.
-I happily download various applications to play MP3s, do desktop search etc. These typically come as .tar.gz files. I unzip the files and run ./configure. For every one of these types of applications I get an error:
“/usr/bin/ld: crt1.o: No such file: No such file or directory”
-Well maybe I should find a .deb file for each of the apps I need. I decide to look for beagle as this appears to be the only desktop search option for Gnome. I go over to :
http://packages.debian.org/unstable/gnome/beagle
And guess what – I have to get dozens of other packages for this package to work. see the “depends” links on the page above. From previous experience many of these packages also require packages, and the dependencies span out like a giant tree. How can I track down and individually download each of these packages. It seems totally impractical. There must be an easier way to do this.
-It seems like the only additional software which I could get installed easily was Sun’s Java and related applications (manually downloaded using a Windows PC).
-Any advice about getting software (desktop search, mp3, avi and mpeg codecs etc.) installed would be appreciated!
PS When I select Nvidia binary drivers in add/remove programs I get a message that this software is not compatible with my system (Linux i386) – I can’t remember the exact message, but it was vague.