
RE: Boots into emergency mode. How to analyze?



Hi,

> Date: Thu, 25 Jun 2015 21:46:33 -0600
> From: bob@proulx.com
>
> The Wanderer wrote:
>> In which case I return to my original comment on that point: although
>> there might be situations where this setup could make sense, they would
>> _not_ be for the casual user. As a setup for a sole computer intended to
>> be administered by its sole user, this is simply a crazy design.
>
> I, like you, feel that being able to log in using a root password is
> an essential requirement. However it is also true that Ubuntu is
> designed for the non-technical and Ubuntu has chosen to disable the
> root password by default and to provide sudo as the root access
> method. Although I agree with you that it is crazy I have to admit
> that there are a lot of Ubuntu machines out there with root login
> disabled.

Having a single root account for administration is also bad from an
accountability viewpoint: it's essentially an anonymous account. Having
user-based accounts allows for much better control and transparency
over "who did what".

So while you think it is crazy to have to use sudo on a single-user
machine, I think it's similarly crazy to enable the root account on
machines that are administered by multiple people. The root account
should be limited to emergency use only, and when your threat model
doesn't include having to defend against physical access, the Debian
approach of locking the root account and allowing passwordless login
through sulogin is a perfectly reasonable and valid setup.


Regards,
Arno
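
The accountability point above ("who did what") can be seen in the logs themselves. The following is an added example, not part of the original message: it assumes the traditional syslog format that sudo and sshd write to auth.log, and the sample lines, host name, user names and address are constructed.

```python
import re
from collections import defaultdict

# Constructed sample auth.log lines (not taken from the thread).
SAMPLE_LOG = """\
Jun 25 21:40:01 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Jun 25 21:41:17 host1 sudo:      bob : TTY=pts/1 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/vi /etc/fstab
Jun 25 21:42:03 host1 sshd[2211]: Accepted password for root from 192.0.2.10 port 51514 ssh2
Jun 25 21:43:30 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/sbin/reboot
Jun 25 21:44:02 host1 sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""

# sudo records the invoking account before the first " : " separator.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssudo:\s+(?P<user>\S+)\s:\s"
    r"(?P<fields>.*?COMMAND=(?P<cmd>.*))$"
)
# A direct root login only records where the session came from.
ROOT_LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for root from (?P<src>\S+)")


def audit(log_text):
    """Return (per-user command trail, denied sudo attempts, direct root logins)."""
    trail, denied, root_logins = defaultdict(list), [], []
    for line in log_text.splitlines():
        m = SUDO_RE.match(line)
        if m:
            entry = (m["ts"], m["cmd"])
            if "NOT in sudoers" in m["fields"] or "incorrect password" in m["fields"]:
                denied.append((m["user"],) + entry)  # attempt is still attributed
            else:
                trail[m["user"]].append(entry)
            continue
        m = ROOT_LOGIN_RE.search(line)
        if m:
            # Commands typed in this session never reach auth.log, and the
            # entry names the shared account, not a person.
            root_logins.append(m["src"])
    return dict(trail), denied, root_logins


if __name__ == "__main__":
    trail, denied, root_logins = audit(SAMPLE_LOG)
    for user, cmds in trail.items():
        print(user, cmds)
    print("denied:", denied)
    print("unattributed root sessions from:", root_logins)
```
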

 		 	   		  
