Security and Boot Options

  Date: Dec 26    Category: Unix / Linux / Ubuntu    Views: 462
  

Is anyone else really concerned that Ubuntu Hardy leaves the recovery
boot option in grub on by default and not password protected, so that
even if you've set a root password, you can drop straight to the root
command prompt by default without a password?


4 Answers Found

 
Answer #1    Answered On: Dec 26    

I never could understand what was positive about the "feature" of
having only one password, rather than the Linux standard of:
User password
Root password

 
Answer #2    Answered On: Dec 26    

There are advantages and disadvantages to using sudo. Opponents like
standardization. But many users have messed up their systems by logging in as
root and then doing crazy things. For newbies, it can be confusing to have two
users with different levels of access. They can be confused about having two
passwords, especially if they have come from an environment where one password
was too many. They can buy into one password, but may find two passwords
extreme. If you come from Linux, you are used to it.

Sudo is a powerful tool used by network administrators in BSD/Unix with great
success. It is not an Ubuntu innovation. In the right hands it can be very
useful. It is no less secure than changing to root and giving the root password.
If you want to avoid sudo you can always change Ubuntu to use root and allow
root logins. However, it is something that one should think about carefully. It
can be very damaging and you can achieve the same level of security without it,
so what is the point?

Anytime I want to switch to root, I can use sudo su or I can use an option with
it. See: http://www.sudo.ws/sudo/man/sudo.html

Many people incorrectly believe that su stands for super user. It stands for
switch user, so when you use su in a terminal, you are switching to root. Sudo
is switch user to "do" a command. It is just a way of delegating root level
permissions to a user for a temporary period and it has the same effect as su
for the most part. What is good is that it is temporary.

If you open a terminal and switch to root or log in as root and leave your
computer to get a cup of coffee then you are opening up your computer for anyone
to mess with. However, if you use sudo, you will be prompted for the password
again at some point. As I said, there are pluses and minuses. The big minus of
sudo is that it is two extra letters to type, ;) and it will ask you to input
the password more often. That can't be bad, if you are security conscious.

I don't see one as better or worse. It is whatever you are used to. I found it
hard to get used to, but after a couple of years think nothing of it. When I use
MEPIS or PCLOS, I seem to instinctively use su and in Ubuntu I use sudo. What I
never do is log in as root. That is a recipe for disaster for a newbie. As an
experienced user, I don't have the need. So why even have it if it is
unnecessary?

 
Answer #3    Answered On: Dec 26    

Once again, I never said anything about using sudo or not using sudo, I
fully understand the concept of a super user, why root isn't a login
option by default, etc... I understand the tool of sudo and that su is
switch user, not super user. My question has to do with the default
boot options in Hardy.

Setting a root password or not is irrelevant to what I am talking about.
I am talking about the fact that if you use the recovery boot option
enabled by default in the boot menu, you are greeted with 3 options once
boot finishes. One of which will drop you - without asking for any kind
of password - to a command prompt under root!

So anyone who gets access to your system for even a few moments can
reboot into root and do whatever they want!

If your laptop is stolen, the impressive and ironclad security of the
Linux system is undermined and made irrelevant by the fact that Ubuntu
gives root access without a password prompt by choosing the recovery
boot option.

So, as I said, I have no discussion here about sudo or su or anything -
or if a root password should be set or not - all I am saying is that to
me it is a huge security concern to have a boot option right there for
anyone to use that allows unprotected root access.


 
Answer #4    Answered On: Dec 26    

There is a way to install a password in Grub, and every user can be set up to
have a password; they can expire and be made to change them, and a minimum number
of characters for the password can be defined. This is what is good about
Linux in general: you can custom tailor your system for you. If you are
security conscious then do a little reading on the security options and
install what you want / need.
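
An added example, not part of any answer above: a check for the situation the thread describes, run against a GRUB legacy `menu.lst`. It assumes Hardy's GRUB legacy layout (normally `/boot/grub/menu.lst`) and its `password` and `lock` directives; the function name, finding labels and both sample files are constructed for illustration.

```shell
# Audit a GRUB legacy menu.lst (added example; reads stdin when no file is given).
# Prints one finding per line; returns 0 when clean, 1 when there are findings.
audit_menu_lst() {
    awk '
    function check_entry() {
        # A single-user entry counts as protected only when a global password
        # exists AND the entry carries "lock" or its own "password" line.
        if (title != "" && single && !(global_pw && (locked || entry_pw))) {
            print "UNPROTECTED-RECOVERY: " title; bad = 1
        }
    }
    BEGIN { bad = 0; title = ""; global_pw = 0 }
    /^[ \t]*#/ || NF == 0 { next }    # skip blanks and comments such as "# password ..."
    $1 == "title" {
        check_entry()
        sub(/^[ \t]*title[ \t]+/, ""); title = $0
        single = 0; locked = 0; entry_pw = 0; next
    }
    $1 == "password" { if (title == "") global_pw = 1; else entry_pw = 1; next }
    $1 == "lock"     { locked = 1; next }
    $1 == "kernel"   { for (i = 2; i <= NF; i++) if ($i == "single") single = 1 }
    END {
        check_entry()
        # With no global password, anyone at the menu can edit an entry.
        if (!global_pw) { print "NO-GLOBAL-PASSWORD"; bad = 1 }
        exit bad
    }' "$@"
}

# Constructed sample: default-style file, password commented out, recovery open.
sample_default() {
    cat <<'EOF'
# password --md5 <hash-placeholder>
title Ubuntu (constructed)
kernel /boot/vmlinuz root=/dev/sda1 ro quiet splash
title Ubuntu (constructed) (recovery mode)
kernel /boot/vmlinuz root=/dev/sda1 ro single
EOF
}
# Constructed sample: password set and the recovery entry locked.
sample_hardened() {
    cat <<'EOF'
password --md5 <hash-placeholder>
title Ubuntu (constructed)
kernel /boot/vmlinuz root=/dev/sda1 ro quiet splash
title Ubuntu (constructed) (recovery mode)
lock
kernel /boot/vmlinuz root=/dev/sda1 ro single
EOF
}
sample_default | audit_menu_lst || true
```

On Ubuntu's `menu.lst`, setting `# lockalternative=true` and running `update-grub` is what adds `lock` to the recovery entries once a `password` line is in place.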

 