Linux: Ubuntu security

Ubuntu does an interesting thing: it doesn't give root a password. Instead, you create an account with administrative privileges. This turns out to have a lot of advantages:
  • Every cracker trying to brute-force their way into your box knows it has an account named "root" and will try that first. In Ubuntu's system the root account is disabled; you have to log in to your own account and then run 'sudo' to do root-like things. This means a cracker has to guess both your user name and your password.
  • It avoids the "I can do anything" interactive login by default--you will be prompted for a password before major changes can happen, which should make you think about the consequences of what you are doing.
  • It allows easy transfer of admin rights, for a short or long period, by adding and removing users from groups, without compromising the root account.
  • If root were enabled during install, the user would be required to forever remember the password they chose--even though they would rarely use it. Root passwords are often forgotten.
  • By using sudo, you reduce the amount of time you hold root privileges, and sudo records all the actions you perform in a log.
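The log trail from the last bullet can be read back to see who ran what as root and which attempts sudo refused. The following Python is an added example, not code from the original post; the log lines are constructed in the format sudo writes through syslog (on Ubuntu, /var/log/auth.log), and the host name `box`, the user names and the `runas` key are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format sudo writes through syslog
# (on Ubuntu these land in /var/log/auth.log).
SAMPLE_LOG = """\
Mar  3 10:15:01 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar  3 10:16:12 box sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 10:17:40 box sudo:  mallory : user NOT in sudoers ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar  3 10:18:05 box sshd[811]: Failed password for root from 203.0.113.9 port 4022 ssh2
Mar  3 10:19:30 box sudo:    alice : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/sbin/usermod -aG sudo carol
"""

# "<timestamp> <host> sudo: <user> : <field> ; <field> ; ... ; COMMAND=<cmd>"
SUDO_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<rest>.*)$")

def parse_sudo_line(line):
    """Return a dict for a sudo command record, or None for any other line."""
    m = SUDO_LINE.match(line)
    if not m or "COMMAND=" not in m["rest"]:
        return None
    # COMMAND= comes last and may contain ";" itself, so split it off first.
    head, command = m["rest"].split("COMMAND=", 1)
    rec = {"time": m["ts"], "user": m["user"], "command": command, "denied": None}
    for field in filter(None, (f.strip() for f in head.split(";"))):
        key, sep, value = field.partition("=")
        if sep:
            # USER= is the target account, so store it apart from the invoking user.
            rec["runas" if key == "USER" else key.lower()] = value
        else:
            # A bare field is sudo's refusal reason, e.g. "user NOT in sudoers".
            rec["denied"] = field
    return rec

def audit(log_text):
    """Split sudo records into commands that ran and attempts sudo refused."""
    ran, refused = defaultdict(list), []
    for rec in filter(None, map(parse_sudo_line, log_text.splitlines())):
        if rec["denied"]:
            refused.append((rec["user"], rec["denied"], rec["command"]))
        else:
            ran[rec["user"]].append(rec["command"])
    return dict(ran), refused

if __name__ == "__main__":
    ran, refused = audit(SAMPLE_LOG)
    print("ran as root:", ran)
    print("refused:", refused)
```

The refused list is the part worth alerting on: repeated password failures or a "NOT in sudoers" entry names the account that tried to escalate and the command it wanted.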
I really like this model; it has a nice balance of power yet compromises nothing.
