[KLUG Members] Security setup ...

Bruce Smith bruce at armintl.com
Wed Apr 20 10:15:27 EDT 2005


An interesting point was brought up during last night's presentation on
security.  Since it was slightly off topic, I didn't want to interrupt
the ongoing presentation to argue the point, so I'll bring it up here.

Someone said (implied?) that Mac OS-X was not as secure as Linux because
some users are also administrators.  I disagree, which leads me to
believe that person doesn't fully understand Mac OS-X security.

While I'm a short-time OS-X user myself, this is how I believe it works:
(OS-X veterans, please correct me if I'm wrong!)

OS-X has a security setup very similar to Linux and classic Unix
systems.  OS-X has a user named "root", but root's password is disabled
by default.  When an "administrator" user does something that requires
root privileges (like installing software), all work is done with
"sudo".  And whenever this happens, a password prompt pops up and the
admin-user has to enter his own password to proceed (not root's).

Only users who have "administrator" privileges are allowed to run
commands with sudo.  (They are probably members of some admin group.)

The way I see it, the only difference between OS-X and SuSE/Redhat/...
running an admin GUI is that the password the user types in is his own
password instead of root's password.  Since a password is required in
either case, I don't see much of a difference when it comes to
virus-type programs gaining access to the privileged areas of the system.

The point could be made that in some sense it is slightly less secure
because the admin only has to know one password instead of two.  OTOH,
it could be considered more secure because the root account is disabled
by default.  I see the trade-off as a wash myself.

On a side note, it is possible (and easy) for an administrator to put a
real password on the root account (activating the account), which allows
users to "su" from the command line, and/or log in directly as root.
This does NOT change how the GUIs work (they still use sudo).

One last point.  I've been playing around with Ubuntu, and they seem to
have their system configured the same way as OS-X, where all admin GUIs
run sudo and the user has to enter their own password instead of the
root password.  (which is frustrating if you don't know that and you
can't get it to take root's password in the dialog box :)

Is that the security model of the future for Linux?  Are other distros
planning on going that way?  Just wondering ...   :-)

 - BS
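
An added example, not part of the original post: a small audit of the setup described above (root password disabled, admin rights granted through sudo to members of a group) on a Linux system configured that way. The file contents, user names and the `admin` group are constructed samples, and the parser is an assumption-level sketch that ignores sudoers aliases, include directives and primary-group membership.

```python
# Constructed sample data in /etc/shadow, /etc/group and sudoers format (not from a real host).
SHADOW = """\
root:!:12893:0:99999:7:::
bruce:$1$constructed$hashplaceholder:12893:0:99999:7:::
guest:$1$constructed$hashplaceholder:12893:0:99999:7:::
"""
GROUP = """\
admin:x:115:bruce
users:x:100:bruce,guest
"""
SUDOERS = """\
Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
"""
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias", "@include")

def root_locked(shadow_text):
    """True if root's password field cannot match any typed password."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if fields[0] == "root" and len(fields) > 1:
            # "!" or "*" prefix means no usable hash; an empty field means no password at all.
            return fields[1].startswith(("!", "*"))
    return False  # no root entry found: treat as not verified

def group_members(group_text):
    """Map group name -> set of supplementary members listed in the group file."""
    rows = (l.split(":") for l in group_text.splitlines())
    return {f[0]: {u for u in f[3].split(",") if u} for f in rows if len(f) >= 4}

def sudo_capable(sudoers_text, group_text):
    """Users granted a sudoers rule directly or through a %group entry."""
    groups, users = group_members(group_text), set()
    for line in sudoers_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith(SKIP):
            continue
        who = line.split()[0]
        users |= groups.get(who[1:], set()) if who.startswith("%") else {who}
    return users

def audit(shadow_text, group_text, sudoers_text):
    # Report the two facts the post's model rests on: root is locked, and who can sudo.
    return {"root_locked": root_locked(shadow_text),
            "sudo_users": sorted(sudo_capable(sudoers_text, group_text) - {"root"})}

if __name__ == "__main__":
    print(audit(SHADOW, GROUP, SUDOERS))
```

If root is later given a real password, as the side note in the post describes, `root_locked` turns false while the list of sudo-capable users stays the same.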



