March 22, 2019

Ubuntu Popularity: Blessing or Curse? - page 4


  • September 24, 2007
  • By Bruce Byfield

One of the best-known of Ubuntu's features is the use of sudo for administrative functions, rather than logging in as root. Given that you use sudo by entering your own password rather than the root one, this arrangement has always seemed an unnecessary relaxing of security to me--it means that an intruder only needs one often-used password instead of two to gain control of the system. Just as importantly, for many users, the sudo command becomes a magic word that they use without any comprehension of what they are doing, or any chance of learning it. Yet Gutsy Gibbon continues the practice, presumably in the name of convenience.

In addition, the Gutsy utility for managing users has adopted much of the slackness of Windows, allowing the creation of three classes of users: Administrator, Desktop User, and Unprivileged. To be fair, the default is Desktop User, not Administrator, as it is in Windows. However, when you flip to the User Privileges tab in the application, you can see that Desktop Users can do everything except log in with sudo, which still seems unacceptably broad for security.

Even worse, the selection of choices is likely to encourage newcomers to imitate their Windows habits and automatically give every user Administrator privileges. Admittedly, you can further restrict privileges on the next tab, but how many are going to bother? And, when combined with sudo, a herd of Administrator accounts opens up too many entrances for security breaches.

Usually, the principle of allowing simple choices and hiding more advanced choices somewhere close by is a sound one. However, in the case of basic security, an exception needs to be made. Undoubtedly, the result of this utility will be Ubuntu installations with far more root accounts than are necessary. Security can only suffer as a result.

Most Popular LinuxPlanet Stories