Linux Lite Forums

General => On Topic => Topic started by: m654321 on February 17, 2018, 09:04:33 AM

Title: Security - LL has one password - other distros can have more ...
Post by: m654321 on February 17, 2018, 09:04:33 AM
I was wondering the other day how security works with LL and the privileges/access to the computer that the password provides.


LL has 1 password which is used to login with - the same password is used as a root/admin password. How does that work? Surely having the same password for both means that the distro is therefore vulnerable as permission is given, following logon, for anything out there to make changes to your computer ... ???

Comparing with two other distros that I have been using:
 
PCLinuxOS has 3 passwords: a Security password (for allowing changes to grub); a Root or Admin password, and a separate Login password.

Manjaro has 2 passwords: one for Login and one for Root/Admin privileges.
Title: Re: Security - LL has one password - other distros can have more ...
Post by: bitsnpcs on February 17, 2018, 09:25:26 AM
Hello m654321,

you can change this if you wish -

Menu>All>Lite user Manager

Create a new user, highlight this new user name, and in the right pane of the GUI, click to untick the "adm"?

Save changes.
Title: Re: Security - LL has one password - other distros can have more ...
Post by: trinidad on February 17, 2018, 09:38:15 AM
Being a regular Debian user with several computers networked together and nodes for random attachment, I have always used a root password and user login password and no sudo users. Opinions vary on this subject, but a lot of what is discussed on this link goes to the real problem of sudo users on a network. It is important to remember that home users and small business users really don't have to worry about security of the scope that large businesses do. On a large network it can be argued that more privilege escalated files means more security risk, so in that sense sudo is a nuisance. It is also important to remember that any unencrypted system can be hacked into, bypassing all the passwords anyway, Linux, Windows, and Mac, usually with nothing more than an Ubuntu live disk. Also, updates to the root file system load in a root shell; that is, they happen in the background on a sudo system without a root password, installing when you reboot, unseen by you. Some administrators don't like that either, given that it is not simple to interrupt them and that things could be missed.

https://www.beyondtrust.com/blog/unix-linux-privileged-management-should-you-sudo-heres-what-it-does-and-why-its-not-enough/

TC
Title: Re: Security - LL has one password - other distros can have more ...
Post by: m654321 on February 22, 2018, 06:13:51 AM
@bitsnpcs
@trinidad
Many thanks to you both for your replies. Based on what you've said, I guess as a home-user on a home network (not a public or work-based one), and the only user of this PC, the risk in using the same password for login & admin (using sudo command) is relatively low.  However, I do feel more secure with having different login and admin (root) passwords and might set this up when I have a bit of time - if I get stuck I'll come to you later for help  8)

Do either of you have different passwords for login and admin (root) on LL?

Mike
Title: Re: Security - LL has one password - other distros can have more ...
Post by: Jerry on February 22, 2018, 06:33:59 AM
In an operating system that targets Windows users, we will only offer the one master password. See trinidad's post for more info/logic.


Title: Re: Security - LL has one password - other distros can have more ...
Post by: bitsnpcs on February 22, 2018, 10:14:48 AM
Quote from m654321: "Do either of you have different passwords for login and admin (root) on LL? Mike"

Hello,

I use no password for login or indeed no login screen on LL.
I use only the single master password as @Jerry explains on LL.

When I'm afk I unplug the ethernet cable from the router; the desktop has no Wi-Fi or Bluetooth card inside.