-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It would appear that on Apr 21, jim tate did say:

> Subject: Feedback please
>
> I have done an install of Kubuntu just to see how it works, I'm a straight
> Fedora user and have no desire to move to Ubuntu,
> I just want to see how it works as far as SU goes.
> In ubuntu, can any user type in sudo -s and get root privileges?
> For Security reasons this distro scares me.
> I teach Linux at local libraries and wanted to get a feel for ubuntu before
> I can say yea or nay.
> And I don't want to go through a bunch of hassles to track down a Ubuntu forum
> just to ask one question about a distro
> that I'm not going to permanently use.

OK I see a request for feedback from a fedora core point of view about a
kubuntu security concept...

This feedback is from the perspective of a kde user who once used fc1 then
mostly switched to fc2 and hadn't yet upgraded to fc3 when I discovered
Kubuntu. I switched to breezy then dapper and now edgy.

I didn't like the way they implemented the sudo concept, mostly because I
always set up a dummy first user with a STUPID password until I get bash,
mc, pine, vim, some text browser (currently elinks), some gui browser
(usually mozilla or firefox), certain kde key-bindings such as NOT closing
windows with ANY F-key combination but rather having something as close to
<ctrl>+<logo>+[space_bar] as possible pop the same menu as I'd get if I
wrestled the durned rodent over to that "-" ? in the upper left corner...
from which, IF the menu is in the right place to be the window I thought
was in focus, I can close it with a "C", all working the way I can stand,
before I copy the dummy's whole ~/* & ~/.* filesystem to /etc/skel/ and
surgically create my real NON-privileged everyday user account specifying
the same user id number which already matches the numeric user id of all my
pre-existing data files...

When I found out that dummy WAS my "root" account I was pis^H^H^Hticked
off...

Needless to say, it wasn't long before [first-user], the "dummy" I know
better than to run as root. If I was going to embrace using sudo I would
NEVER put jtwdyp in the sudoers list. Anyone trying to hack me would be just
as aware of that login name as of root's, so there isn't any real security
advantage unless you create a [secret-user] to put in the admin group the
way kubuntu does the first user. Then any authorized (trusted) user can
first, su to [secret-user] (from their usual NON-privileged every day user
account), then, use sudo...

{{{hmmnnn I wonder if something like:

    su [secret-user] -c 'sudo "[command-string]"'

would work???}}}

Of course the [secret-user] account would only be a secret to those who
can't see files like /etc/passwd...

When I do need to use root privileges however, I know that, with my current
root enabled kubuntu:

    su root -c "kdesu -u root -c konsole"

from my usual "paper" Schema konsole window, gets me a contrasting (root's
default Schema) "black on yellow" konsole, into which I'm visually reminded
to type with care... Just like I used to get with:

    kdesu "konsole --ls"
or
    kdesu konsole
or
    konsole -type su
or
    kdesu konsole-noxft

depending on which mdk or fedora or possibly other pre-kubuntu kde I was
running in at the time...

Unfortunately when I use sudo I don't get that contrasting {root's Schema}
to remind me to do a ^D as soon as I no longer need root privileges...

<sigh>

#############################################################
##_if_you'd_prefer_an_clearsigned_".asc"_text_file_of_this_##
##message_as_an_mime_encoded_attachment,just_ask_me_while__##
##it's_STILL_IN_my_outbox_folder_._._._=+=+=+=+=+=+=+=+;-)_##
#gpg sig for: Joe (theWordy) Philbrook DSA key ID 0x6C2163DE#
# You can find my public gpg key at http://pgpkeys.mit.edu/ #
#############################################################
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFGLGUTRZ/61mwhY94RAl4yAKCabv/3nNOqh1A5VW3v01oCQtQpRACfTPUF
5TinRJsIlnN/HyuhmdW5pzc=
=yUUD
-----END PGP SIGNATURE-----

--
|   ---   ___
|   <0>   <->       Joe (theWordy) Philbrook
|       ^                J(tWdy)P
|    ~\___/~         <<jtwdyp@xxxxxxxx>>
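
An added example (not part of the message above, and not code from Kubuntu or sudo): a small Python check of which accounts a sudoers file grants sudo to, either by name or through a %group rule such as the admin group discussed above. The file contents, the account names "dummy" and "student" and the gids are constructed samples, and only plain user and %group entries are handled.

```python
import re

# Constructed sample files (not taken from any real system). The %admin rule
# mirrors the arrangement discussed above, where Kubuntu places the first
# user in the "admin" group.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
dummy:x:1000:1000:first user:/home/dummy:/bin/bash
jtwdyp:x:1001:1001:everyday user:/home/jtwdyp:/bin/bash
student:x:1002:1002:library student:/home/student:/bin/bash
"""
GROUP = """\
root:x:0:
admin:x:115:dummy
dummy:x:1000:
jtwdyp:x:1001:
student:x:1002:
"""
SUDOERS = """\
# /etc/sudoers (constructed)
Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
"""

def group_members(passwd, group):
    """Map group name -> set of users (supplementary and primary members)."""
    members, by_gid = {}, {}
    for line in group.splitlines():
        name, _, gid, users = line.split(":")
        members[name] = {u for u in users.split(",") if u}
        by_gid[gid] = name
    for line in passwd.splitlines():
        user, _, _, gid = line.split(":")[:4]
        if gid in by_gid:
            members[by_gid[gid]].add(user)
    return members

def sudo_capable(sudoers, passwd, group):
    """Return the set of users named directly or via %group in sudoers."""
    members, allowed = group_members(passwd, group), set()
    for line in sudoers.splitlines():
        line = line.split("#", 1)[0].strip()  # also drops #include lines
        # Skip blanks, Defaults settings and *_Alias definitions.
        if not line or re.match(r"(Defaults|\w+_Alias)\b", line):
            continue
        who = line.split()[0]
        allowed |= members.get(who[1:], set()) if who.startswith("%") else {who}
    return allowed
```

With the sample data, sudo_capable(SUDOERS, PASSWD, GROUP) returns only root and the first user; an ordinary account such as jtwdyp gets nothing from sudo until it is added to the admin group or named in sudoers.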