This Blog reflects my thoughts about some topics in the field of security management and infrastructure security.

Wednesday, February 01, 2006

Did Ubuntu solve the administration problem?

Ubuntu, the Debian-based Linux distribution targeted at education and easy access, has its own way of protecting against unwanted effects of using the root account: it disables it. For me it was the first experience with a UNIX/Linux OS without a root account. Did Ubuntu really solve the problem of handing root privileges to users for administration tasks?

It starts with a little unusual omission during installation of the desktop version of Ubuntu. I decided to give it a try after I had seen the live disk version of the Linux distribution. This version booted from CD-ROM and gave a promising experience of the desktop. I wanted to know if it was really as easy to use as it advertised.

Ubuntu aims to lower the threshold for using Linux and to bring it to everyone with a limited budget and limited knowledge. The distribution is free and will stay free. There are not even shipping costs attached to the original CDs, and you can order a couple of them to hand out. It also strives to provide as many applications and tools as possible in your native language.

I burned the install image to disk and booted the system. I used an existing ReiserFS partition for the Ubuntu root and everything went smoothly. The install script asked me for my user ID and password to create the first user account. After installing from CD-ROM, it continued downloading and installing packages over the internet. Finally a logon screen appeared.

Ubuntu Desktop

In search of the root of all answers

I logged on with my newly created credentials and started to explore the clean and friendly-looking desktop. It was not long before a notification called my attention and told me that several updates were available, only one click away. One click and an authentication window, that is. Well, I was used to these small authentication boxes from RedHat, Suse and Debian, which popped up to ask for the root password whenever you needed root privileges. But what was the root password? I never supplied one during the installation phase. What to do? Just tapping enter did not work and before trying and locking up accounts, I googled for "Ubuntu root password".

Right. Like any new Ubuntu user who switched from another Linux, I did not read the instruction in the authentication box. It said clearly to supply your password and never asked for the root password. A little investigation showed that the root account was disabled and logging on as root is not possible with Ubuntu out-of-the-box. So what's happening?
  • The root account is disabled

  • At install time, the first user is put in a group of users who may invoke extra privileges to perform operations which require root permission (sudoers)

  • This user gets normal user privileges at logon

  • Whenever a task is performed which requires extra root privileges, he is prompted for his password or, at a shell prompt, he needs to use sudo (Switch User Do, a way to execute a command as a different user) to execute the command with root privileges.


What are the advantages?
  • Actions are performed under personalized accounts, which enables auditing of transactions

  • No extra accounts are needed, like most Windows admins use: a user named e.g. bob and a user named admin-bob

  • It is very clear which users are in the sudo list and have the right to run commands at root level


What are the disadvantages?
  • When you accidentally remove your privileges, you have a problem, since you cannot log on as root and solve the problem. You have to do a bit more (not too much, though)

  • You need to type sudo a lot and soon find yourself typing
    sudo -s -H
    in a shell, which gives you root privileges until you type
    sudo -k
    and brings all the risks of logging on as root
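
As an added example (not part of the original post): a small Python audit over sudo's syslog entries, showing how personalized accounts make each root-level command attributable to a user, and how a root shell started with sudo -s appears as one entry after which per-command logging stops. The log lines are constructed samples; the SHELLS set and the function names are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample lines in the syslog format sudo writes (e.g. /var/log/auth.log).
SAMPLE_LOG = """\
Feb  1 10:15:02 desk sudo:      bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt-get update
Feb  1 10:17:40 desk sudo:      bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Feb  1 10:20:11 desk sudo:    alice : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/visudo
Feb  1 10:21:00 desk sshd[812]: Accepted password for bob from 192.0.2.10 port 50022 ssh2
Feb  1 10:25:30 desk sudo:      bob : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/vi /etc/fstab
"""
# Assumed set of shell paths; "sudo -s" is logged with the shell as COMMAND.
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/bin/zsh"}
LINE_RE = re.compile(r"sudo:\s+(?P<invoker>\S+) : (?P<rest>.*)$")

def parse_sudo_line(line):
    """Return a dict for a sudo command log line, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # COMMAND is always the last field and may itself contain ' ; '.
    head, _, command = m.group("rest").partition("COMMAND=")
    event = {"invoker": m.group("invoker"), "command": command.strip(), "denied": False}
    for part in head.split(" ; "):
        key, sep, value = part.strip().partition("=")
        if sep:
            event[key] = value          # TTY, PWD, USER (the target account)
        elif part.strip():
            event["denied"] = True      # status text such as "user NOT in sudoers"
    return event

def audit(log_text):
    """Group sudo activity per invoking user; count root shells and denials."""
    report = defaultdict(lambda: {"commands": [], "root_shells": 0, "denied": 0})
    for line in log_text.splitlines():
        event = parse_sudo_line(line)
        if event is None:
            continue
        entry = report[event["invoker"]]
        argv0 = (event["command"].split() or [""])[0]
        if event["denied"]:
            entry["denied"] += 1
        elif argv0 in SHELLS:
            entry["root_shells"] += 1   # nothing typed in this shell is logged by sudo
        else:
            entry["commands"].append(event["command"])
    return dict(report)

if __name__ == "__main__":
    for user, entry in audit(SAMPLE_LOG).items():
        print(user, entry)
```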


I think it works quite nicely on a desktop and the advantages are clear. What do you think? Leave a comment below.

I could elaborate a bit more on Ubuntu, what's in it, what's good, what's bad, but I think it is better to try it yourself. Download the live disk or request one at Ubuntu and have some fun. At least you save yourself looking for the root password :-)