[NTLUG:Discuss] DistroWatch 10 Most Popular Linux Distros
Kenneth Loafman
kenneth at loafman.com
Fri Apr 3 12:01:53 CDT 2009

terry wrote:
> 2009/3/29 Ted Gould <ted at gould.cx>
>
>> On Wed, 2009-03-25 at 14:23 -0500, Ted Gould wrote:
>>>> All in all, they're trying to duplicate the "friendliness"
>>>> of Windows. And that's just SOOOO wrong. People who think
>>>> Linux distros are "hard"... just don't understand the
>>>> complexity of being on a shared network.... Windows makes
>>>> 1001 assumptions... and has a myriad of security issues.
>>>> We don't need to emulate them.
>>> Could you give some examples of Ubuntu security flaws that are created
>>> through this "duplication of Windows"? I'm not aware of any. In fact,
>>> I can largely only think of security enhancements. The hiding of the
>>> root user. Apparmor by default. No external services enabled by
>>> default.
>
> It is a good thing that ssh is not installed by default on an Ubuntu system
> because "hiding the root user" is not a security enhancement. Not setting a
> password for root and therefore not having access to it and giving all admin
> rights to the user can not be a security enhancement, it could only be
> called a breach of security. It may make the system simpler and easier to
> install and negotiate by the novice user but I see no way we can construe it
> as a security enhancement.

Contrary to popular misconception, root on Ubuntu *is* configured with a
strong password, generated but not provided to the user. Their goal was
to force the user to use sudo or one of the alternatives, rather than do
what users quite often do, sign on as root and stay there.

The first user does have 'admin' rights, but not all the rights of root
by a long shot. After the first user, additional users get normal
rights. This may be a security breach to you, but for the most part,
the first user is almost always the one that runs the machine and having
admin rights is needed. It's a nice balance of power, but may not play
well with fascist IT departments.

...Ken