When security is a bad, bad thing

Ubuntu Linux, like a good, modern operating system, tries to be idiot proof. One way in which that's implemented is to deny the user administrator rights as a matter of course. Another is that Ubuntu tends to default to denying permissions with new directories and drives.

Here's what that means: the administrator on a computer is the person who has universal access to everything on the system. Every directory, every file, everything. Being administrator is like being king: it's good to be king. But, if you're one of those child-kings who inherits the throne at age 4, you can end up being the patsy while a regent comes in using your name to impose all sorts of painful edicts.

No, it really is a good metaphor: the fact that older versions of Windows default the user to administrator privileges is part of the reason there are so many security exploits for Windows: pretty much every home user of Windows is an administrator, and if they download a piece of software without scanning it for viruses or malicious scripts (programs), the user runs that program as an administrator and that program takes on the same administrative privileges that the person who ran it had. The administrator has direct access to everything, remember? So the administrator who accidentally gives a virus administrative privileges gives that virus access to everything....

This is why Mac OS X, many Linux flavors, and Windows Vista don't let the user default to administrator. The user has to take extra steps to run a program that could access the meaty parts of his or her system, like the partition table or private data. In the case of Vista, you (apparently) have to click on a box every time you want to run something--word on the street is it's a lousy implementation of a necessary idea. In the case of Linux, the more typical decision is to require the user to temporarily log in as a superuser.

In a GUI (graphical user interface) like KDE, an administrative-level program will throw up a login screen before proceeding. It doesn't absolutely keep a user from doing something stupid, but it certainly red-flags the operation and creates a tripwire. From the command line, the user must preface an instruction with the prefix sudo. For instance, changing the permission on a file to make it accessible for all users might look something like:

sudo chmod a=rw "/directory name/file name"

This is normally a good thing. Normally. But when you're a low-level user (like myself) trying to fix a broken system, it makes the ears bleed. It's also the kind of thing that confuses and terrifies an entry-level user, and it's part of the reason Linux isn't quite ready for primetime.

Anyway, that's me venting while waiting for files to copy. If you know more than I do--quite likely--feel free to tell me what I'm doing wrong. I've got to learn somehow.
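What the chmod command earlier in the post actually does to a file's permission bits, next to a narrower grant, as an added example that is not part of the original post. The file names, the temp directory and the helper functions mode_of and world_writable are constructed for illustration, and sudo is left out because the script owns its own files.

```shell
#!/bin/sh
# Added example: runs on constructed files in a temp directory.

# Print a file's permission bits in octal (GNU stat, as shipped on Ubuntu).
mode_of() {
    stat -c '%a' "$1"
}

# List regular files under a directory that any user on the system may write to.
world_writable() {
    find "$1" -type f -perm -0002
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Two constructed files, both starting out private to the owner.
touch "$demo_dir/file name" "$demo_dir/notes"
chmod 600 "$demo_dir/file name" "$demo_dir/notes"

# Same effect as the command in the post: read/write for owner, group and everyone else.
chmod a=rw "$demo_dir/file name"

# A narrower grant: owner keeps read/write, everyone else gets read-only.
chmod u=rw,go=r "$demo_dir/notes"

echo "file name: $(mode_of "$demo_dir/file name")"
echo "notes:     $(mode_of "$demo_dir/notes")"
echo "world-writable files:"
world_writable "$demo_dir"
```

Pointing world_writable at a real directory after a repair session shows which files were left open to every account on the machine.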




Comments

Rick said…
You can run something like 'sudo su -' or 'sudo bash' to become root on the command line. Obviously, be careful, and know what directory you're in before doing something huge, but it makes it a lot easier to see the contents of some directories.
