The sorry state of open source today
Written by Radu-Cristian Fotescu   
Apr 14, 2007 at 11:51 PM

11. The security model

If "everything is a file in UNIX" is common knowledge, it is also common knowledge that the security model in Linux and BSD follows the UNIX model, not the old Windows approach. Constantly using the system as the privileged user is not an option.

A first attempt to make the user's life easier was made by Freespire. Most readers should know that the root account is disabled in Ubuntu, so the user has to gain temporary superuser privileges through the sudo command. Well, as allowed by the architecture of sudo, Freespire is configured to accept sudo without requiring the user to enter any password! (Yes, there is an infamous NOPASSWD somewhere in /etc/sudoers.)

Given that enabling the "Admin Approval Mode" makes a similar operation mode available in Vista too (you could just press ENTER or click a button to accept administrative tasks), I would refrain from declaring Freespire's defaults as inspired by Windows 95. They can be easily changed anyway.

A much more severe breach of the traditional UNIX security model was brought by the (otherwise very promising) Pardus Linux.

As part of their set of innovative features, a new concept was created around the new configuration manager COMAR: the first user (the one who installed the system) is granted some special administrative privileges never seen before. He is practically half-root, because he can perform a wide range of administrative tasks (adding/removing packages, starting/stopping services or the firewall, etc.) without ever being asked for a password!

Pardus developers explained that this feature could be offered as an option only with the next release; however, this doesn't change anything at all: the evil was done. For the sake of the user's convenience, basic Linux principles were broken. Should people get used to this, they will ask other distributions to provide them with such a feature.

Sadly, whereas even Microsoft tried to improve the security in Vista and to educate the home user not to use an administrative account, there is a Linux project trying to do exactly the opposite.

Requiring either the user password or the root password before performing administrative tasks was already possible through sudo (also kdesu, gksudo) or an appropriate PAM-based authentication (consolehelper). Granting a user the right to "sudo" without a password was already possible, although hardly a good choice. A possibly good feature would be to configure sudo to accept more trivial tasks such as changing the system time (not critical for home use) without a password, but not more (no, setuid is not an option; it's actually much worse).
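The distinction drawn above, between a blanket NOPASSWD rule and one limited to setting the system time, can be checked mechanically. The following is an added example, not part of the original article and not code from Freespire or Pardus; the sample sudoers text, the user names, the `TIME_ONLY` allowlist and the function name `audit_nopasswd` are all assumptions made for illustration.

```python
import re

# Constructed sample for illustration; not any distribution's real /etc/sudoers.
SAMPLE_SUDOERS = r"""
# full-line comment
Defaults env_reset
Cmnd_Alias TIMESET = /bin/date, /usr/sbin/hwclock
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
%admin  ALL=(root) NOPASSWD: TIMESET
alice   ALL=(ALL) NOPASSWD: ALL
bob     ALL=(root) NOPASSWD: /usr/bin/apt-get, \
                   /usr/sbin/service
"""

# Assumption: the only commands considered harmless without a password.
TIME_ONLY = {"/bin/date", "/usr/sbin/hwclock"}

def audit_nopasswd(text, allowed=TIME_ONLY):
    """Return [(who, verdict, commands)] for every NOPASSWD rule in text."""
    aliases, findings = {}, []
    text = re.sub(r"\\\n\s*", " ", text)          # join continuation lines
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue                              # comments, #include, Defaults
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
            continue
        if "NOPASSWD:" not in line:
            continue
        who = line.split()[0]
        # Assumption: the tag covers every command up to the end of the line.
        cmds = []
        for c in line.split("NOPASSWD:", 1)[1].split(","):
            c = c.strip()
            if c:
                cmds.extend(aliases.get(c, [c]))  # expand Cmnd_Alias names
        paths = {c.split()[0] for c in cmds}      # ignore command arguments
        if "ALL" in paths:
            verdict = "blanket"                   # any command, no password
        elif paths <= allowed:
            verdict = "time-only"                 # limited to the allowlist
        else:
            verdict = "beyond-time"               # packages, services, etc.
        findings.append((who, verdict, sorted(paths)))
    return findings

if __name__ == "__main__":
    for who, verdict, paths in audit_nopasswd(SAMPLE_SUDOERS):
        print(f"{who:8} {verdict:12} {', '.join(paths)}")
```

Files pulled in through #include or #includedir lines are skipped here and need the same check.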

Irresponsible approaches have made the highly praised (even by me) Pardus a black sheep from a security standpoint. At times, open source rhymes with thoughtless design and severe flaws.

Just forget about the name of the distro I just mentioned, although it is going to be a trend-setter. In a few years, on public request, half of the 500+ Linux distros will have their security features perverted.



Last Updated ( Jul 06, 2007 at 03:54 AM )