So, after a run-in with a drive-by download virus or trojan or somesuch on our Windows laptop, I used the Ubuntu LiveCD as part of my cleaning efforts and was very impressed with the state of Linux on the desktop. I last investigated it 5+ years ago, and was totally unprepared for so many things (sound and wireless specifically jumping to mind) to work out-of-the-box on the LiveCD. Colour me impressed.

I had my wife use the laptop with the LiveCD whilst I was tinkering around cleaning out the Windows install. Whilst the interface was a bit unfamiliar to her (this seems to be the "fault" of the new Unity interface in the latest Ubuntu, and isn't massively popular yet?) she was actually happy to use it, mostly because stuff she wanted to do just worked. Case in point, she missed an episode of a series she's watching on the TV, and wanted to use the catch-up service on the channel's website. A single package (easily deduced from a Google search) got the relevant codecs installed and she was watching it a couple of minutes later. Colour my wife impressed.

So, anyway, to cut a slightly longer and convoluted story short, I don't trust the Windows installation any more (there may have been a rootkit snuck on there) and my wife was happy enough with her experience that she's happy for Linux to go on there as a dual-booted OS setup, using Linux as the primary OS and falling back to Windows if there is something we really can't get working. (We recently got an iPad, and my wife is doing a lot that she used to do on the laptop on that, so she has fewer demands on the laptop, which is probably why she's okay for Linux going on there)

So, my question at the moment is in regards to user security. During the install process, I created an account for me, this is an Adminstrator account. Reading up on User Management under Ubuntu, it seems that this means I am allowed to execute sudo, not that my account actually has any elevated privileges directly? Is it okay to have your everyday user account as Administrator, or would the general consensus be to have a separate account and all your normal user accounts be Standard?

And whilst we're not particularly put off by having separate accounts and switching between them, is there any easier way of separating user sessions? It's things like web browsing sessions mostly - my wife and I both have Facebook accounts for example, and we use "Keep me logged in", so having separate accounts keeps our sessions separate and we don't have to log the other out to log ourselves in. Is there a lighterweight way of managing that scenario that anyone knows of? (As I said, we're not worried about having to switch user accounts - it's what we did under Windows, just wondering if there's a Better Way.)

no don't

no don't... what?

when it comes to... pretty much anything... tibby is ****ing retarded

don't pay attention to him

in ubuntu there is no problem running your everyday account as administrator... you need to enter your password for anything important as it is and you aren't running as root so you can't easily do anything along the lines of "oops i broke my os"

There is no real security difference between the two options. By default, you can always escalate permissions from any session; it's simply a question of whether or not you need a username in addition to a password. You could lock that down, too, after a lot of work. At that point, though, you should probably ask yourself who you're trying to protect your computer against. Someone with physical access? Futile.

The thing to accept is that no computer system can ever be truly secure. As an end user, you'd probably stand to gain more by instead working on mitigating the potential consequences.


Google Chrome betas have some built-in mechanism for multiple users, but I've never used it and I don't think it's necessary. The way you're doing it is the Best Way.

That said, requiring users to enter a password is not by itself secure. You could end up with a userspace keylogger under X, and the next time you accidentally use 'sudo' instead of 'gksudo' your computer belongs to someone in Russia.

Passwords are a modern safety blanket. If UAC's 'OK' button were implemented better, it would be much more secure than a password prompt.

to be honest i wasn't talking in the sense of crap like keyloggers... i was more talking in the sense of the person using the computer pulling the classic "oops i deleted some files now my computer doesn't work"

This Massassi policy of flaming Tibby's linux experimentation while supporting Giraffe's is awesome. I support it.

My main concern was malicious processes running as the user having too many permissions. In Vista, an "Administrator" account did seem to have more rights than a standard account, even with UAC turned on - I could do things that I would have expected to trigger a UAC dialog that didn't. It sounds like that's not what it means in Ubuntu, though.



Are you referring to UAC in Windows, or UAC in Ubuntu? I kinda assumed that both of them basically worked correctly, but it sounds like you're saying that is not actually the case? Have you got any links to further information on that?

I'm guessing he's referring to the way it trains people to press yes. Most people who don't know what's happening will press 'ok' to anything because 99% of the time windows asks, it's the correct action.

there really wasn't any flaming in that thread from what i could see...

Hey guys, **** that guy amirite? I mean like, he's ~that guy~, and he sucks!

FLAME ON!


Yeah, **** you, Tibby.

Thanks for the derail guys...

Having trouble setting up the NTFS partition to be viewed from my wife's account, who doesn't have sudo privileges (I tried, but got a stern warning that the attempt had been logged!). Basically, the old windows partition gets auto-mounted to /media/OS/ on my account, and I can access it fine. My wife's account can't see the disk in the file explorer application, and when I navigate to /media/OS/ I get permission denied errors.

What I'd like to do is set up a share in her home folder pointing back to her user directory on the Windows partition. I read on this thread that it can be done through the Samba config file, but I'm guessing I need to get read/write permissions on there first? I set up a ntfsusers group to hold the permissions and added both myself and my wife, but can't figure out exactly which object I should be giving permissions to: /dev/disk/... or /media/OS/ or what?

Once I've got those permissions in place, is Samba the way to go with setting up a folder in the home directory? Somewhere else mentioned symlinks. Anyone done this in the past?

Samba is for SMB/CIFS (Windows network shares.)

I don't know if Ubuntu does things differently, but on other... er... Linuces, you need to add (or edit) a line in /etc/fstab.