** john lewis <johnlewis@???> [2008-05-01 15:09]:
> On Thu, 1 May 2008 12:58:23 +0000
> Andy Smith <andy@???> wrote:
> > On Thu, May 01, 2008 at 01:54:54PM +0100, James Courtier-Dutton
> > wrote:
> > > Um??? So where is the question? I don't see any question marks
> > > at all in that entire email!!!
>
> James is just being pedantic, I understood that Paul was posing a
> question from the outset :-)
Phew, at least somebody did :)
> > I think it was just a chance to say "I don't like ubntbuntntutntu"
>
> I'll not comment on that as I'll just get accused of flame baiting,
> but I don't like the use of sudo for doing admin tasks and have
> almost never used sudo, the one exception is on my local server,
> landing,which I normally access as a normal user via ssh and have
> it set up so I can run <sudo aptitude safe-upgrade> without having
> to use su+password, though that is what I do if I need to do any
> other admin tasks on that box.
OK, that example is how sudo should be used...
> IMHO admin tasks should be done as the root user and not as a pseudo
> root. The U* way strikes me as being like windows where you can give
> a user admin rights and that user can then do anything.
The concept behind sudo is to selectively give users access to perform
limited administration tasks. What I don't like is the way Ubuntu
disable the root user and give the normal user full root capabilities
via sudo. Admittedly on the desktop install there is no ssh active, so
remote access is limited, but I never, even on a desktop, run without
ssh capabilities. This may stem from my early days with Red Hat where
the machine I inherited had a nasty habit of locking X and the only way
to recover without using the power switch was to ssh in remotely.
> So I think the debian practice of creating a root user during
> installation is the correct way. In some ways it might be safer
> to not use su from within X but to use CTRL + F* and login as root
> and then do the admin tasks.
In theory I agree with you, but you are working on the basis of a single
administrator, hence no issues of having to share the root password and
all the security implications that go along with that.
> Incidentally James set me up with ssh as root to my VPS so I do
> (almost) everything on my server as a 'real' root user.
Eeek, I do hope you ssh in as a normal user and su to root. I *always*
disable remote login as root, or check that this has been done by
default, as soon as I install ssh.
I don't consider either the use of root or sudo to be the best way of
working. Either there is the shared password issue, or problems with an
account that is remotely accessible having (some) administrative
capability (assuming ssh, or etc.) - even if you do have to supply the
password a second time. I would advocate either having a second password
to supply to sudo for authentication, or a second user account with
remote access disabled that then has sudo capabilities (effectively
providing multiple passwords for root if you like, although you can
further tie down what can and can't be done with the sudo
configuration).
> FWIW I think the current Debian Installer is a big improvement on past
> versions. Whilst it doesn't install without asking any questions
> it now asks very few (country, keyboard and what to do with the
> hard disk, I think, and even the last has defaults so no need to
> resort to cfdisk any more)
>
> My biggest gripe with debian is that gnome is the default GUI
> interface, which as I'll never use it is a bit of a pain as it means I
> have to bail out of the installer after the basic system is installed
> and do a manual install of X + wmaker + any apps needing X.
OK, this may actually balance the pros and cons a bit further towards
Ubuntu for me! It is actually, now I think of it, a long while since I
last did a desktop Debian install as my clients have all either been
upgraded over the years or switched to Ubuntu to see how I settled with
it. I generally install the bare minimum in pretty much the same was as
I do a server install and then pull in X, etc. from the CLI. You can do
this with Ubuntu, but there seem to be quite a few desktop tweaks that
rely on Gnome, or are configured better in Gnome because it is far more
the default GUI than with Debian - things like the update notification
and the roaming wifi applet which took a bit of fiddling to get into my
XFCE configuration, but which in Debian I never felt the need to 'fiddle
in'. I've considered using the server install media and then configuring
as a desktop, but I'll have to take a look at 8.04 first :)
** end quote [john lewis]
--
Paul Tansom | Aptanet Ltd. |
http://www.aptanet.com/ | 023 9238 0001
======================================================================
Registered in England | Company No: 4905028 | Registered Office:
Crawford House, Hambledon Road, Denmead, Waterlooville, Hants, PO7 6NU
