LMDE's default account

Discussion in 'all things UNIX' started by CGuard, Jan 29, 2014.

Thread Status:
Not open for further replies.
  1. CGuard

    CGuard Registered Member

    Joined:
    Mar 2, 2012
    Posts:
    145
    Is LMDE's -or other Ubuntu-based Linux Mint editions', for that matter- default account a hybrid account (standard + administrator when required), very much alike to W7's Protected Admin account (default account but with maxed-out UAC)?

    If so, is it a new purely standard account for everyday use strongly recommeneded?

    PS. It's been many years since my last Linux experience, but, if my memory serves me well, default accounts used to be purely limited ones, right? I mean, i remember entering 2 passwords (1 for default account and 1 for replacing the root password - needed for administrative tasks) during the installations. OR, maybe, i'm getting old faster than i feel...:D
     
  2. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    837
    Location:
    Québec, Canada
    Standard accounts.
    You need to sudo or log in with root account to do admin things.
     
  3. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,985
    Location:
    Brasil
    Yes, in the past many distros came with limited default accounts. But if you consider that Linux is becoming more popular ever year, "newbies" were affected by these accounts, so most of them don't configure a root account by default, leaving the 1st user account with sudo privileges, and the rest with no privileges. So when you install Mint you can 'sudo x' but not 'su' until you configure a root password with 'sudo passwd'.

    To answer your question, yes and no. You should do most things with an account that has no privileges whatsoever, but this renders most jobs as not doable. And consider that the Linux developers know what they're doing, so most (if not all) attacks that take place on Windows won't happen on Linux. Just remember to:

    * Have strong passwords;
    * Have a less privileged user account for normal use (not even with sudo enabled);
    * Only log in as root when needed;
    * Configure a firewall (https://wiki.archlinux.org/index.php/Simple_stateful_firewall#Firewall_for_a_single_machine);
    * Don't run files like "britneySpearsNaked.sh" or .deb's that you don't know;
    * Stick to the Official Repositories;
    * Make Back-ups regularly;
    * Don't visit known malicious websites;
    * Don't mess with your kernel, only if you know what you're doing;

    Since you're probably a beginner, there's a little trick for your firewall on Mint:
    then
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698

    You mean, Windows's acc + uac is somewhat like the sudo mechanism in Linux.
    Mrk
     
  5. CGuard

    CGuard Registered Member

    Joined:
    Mar 2, 2012
    Posts:
    145
    Thank you all for answering.

    Yes, i know that the UAC mechanism is Microsoft's something-of-an-"adoption" of Unix's "sudo", but conceptual analogies are based on the most familiar (to their creator) reference points.

    What i didn't know though (=source of my confusion), was that "sudo" prompts for the current user's password and grants him with superuser's privileges for a specific task, while "su" prompts for the root password and allows him to elevate to the superuser's account or, in general, to switch accounts/enviroments.

    So, is it safe to conclude that

    1. there is no direct analogy between UAC/runas and "sudo" or "su", not even in the context of a Windows' Standard User (i mean, it grants the standard user with administrative rights for a specific task, but it does that by allowing him to temporarily elevate to an admin account)

    2. enabling the superuser account and removing the LMDE's default account from the sudoers, results in a pure limited account

    ?

    (I am trying to grasp the differences and similarities -that's all.)

    PS@amarildojr: Thank you for your advices. I 've already enable the firewall and, in general, i follow these safe practices almost instinctively. Any particular (network-related/i mean, besides physical unauthorized access) need for a strong account password?
     
  6. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,985
    Location:
    Brasil
    I think the analogy is that UAC looks like sudo, but it's not the same. With UAC the user (AFAIK) is not required to type a password in order to execute some tasks with privileges, as if the UAC asked "Hey, do you really want to do that?". sudo works the same path but it says "OK, then type the password and we talk". Also, sudo cannot be bypassed by malware, and UAC can.

    Yes, but it's not needed considering you have strong passwords on all accounts. So removing your current account from the sudoers file should not be a concern, I'd just create a new limited account and use that on a regular basis.
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Never used a standard account in Windows? Anyhow, their underlying mechanism of separating privilege levels on one account is quite similar.

    I'd like see see examples of how malware truly bypassed UAC and ran with admin privileges without a peep. And how are you sure sudo cannot be bypassed by malware, as if exploits don't exist? Just an observation of underestimation and overestimation.
     
  8. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    Though UAC seems like a security feature, it is not a security boundary like sudo; UAC elevates privileges in the same session, sudo is for elevating standard user to root as a separate VC (isolated session) and is a security boundary.


    JL, take a look at http://technet.microsoft.com/en-us/magazine/2009.07.uac.aspx explains more and provides various examples of how to bypass UAC.

    Also for more background http://blogs.msdn.com/b/e7/archive/2009/02/05/update-on-uac.aspx.


    From: http://blogs.technet.com/b/markrussinovich/archive/2007/02/12/638372.aspx

     
    Last edited: Feb 1, 2014
Thread Status:
Not open for further replies.