Ubuntu QA:
BlogBrainstormPackage status
Log in
Ubuntu QA
The Ubuntu community has contributed 15312 ideas, 95871 comments, 1967999 votes
Idea sandbox Idea sandbox
Popular ideas Popular ideas
Ideas in development Ideas in development
Implemented ideas Implemented ideas
Idea #11107: Users and Groups should always make sure at least one user is in the admin group

Written by aysiu the 14 Jul 08 at 02:40. Category: Security. Related project: Nothing/Others. Status: New
Rationale
This doesn't happen very often, but it really shouldn't happen at all. Someone on the Ubuntu Forums removes herself (the only admin user on the system) from the admin group, so she can't sudo and has to reboot into recovery mode to add herself back to the admin group.

Even though, anything should be possible by manually editing the /etc/sudoers file or making other terminal-based changes, people should not through the GUI of Users and Groups be able to remove the last admin user from the admin group.


115
votes
up equal down
Solution #1: Auto-generated solution of idea #11107
Written by aysiu the 14 Jul 08 at 02:40.
Ubuntu Brainstorm was updated in January 2009. Since the idea #11107 was submitted before this update, its rationale and solution are not separated. Please vote accordingly, and if you have the necessary rights, please separate the rationale from the solution. Thanks!
2
votes
up equal down
Solution #2: check for at least one admin
Written by satya61229 the 1 Feb 09 at 05:19.
I removed myself from admin thinking i have set root password, but that was my own user password i had set. Now i removed myself from administerthinking it will be safe/secure.
now i donot have root password as this distro do not ask to set root password at time of installing, so i do not have a way to work on it as admin.

so, there must be a check that there is at least one admin at a time.
-5
votes
up equal down
Solution #3: require root password
Written by oholiab the 4 Mar 09 at 22:02.
There's only one real solution to this: Ubuntu needs to enforce the setting of a root password - even if it's automatically the same as the admin user. That way nobody will end up screwing the permissions up via a GUI unless they REALLY want to, and there will be no issues with the wrong environment variables from people using "sudo su"

Propose your solution

Attachments
forum Ubuntuforums.org thread #858779


Duplicates


Comments
Eldmannen wrote on the 14 Jul 08 at 03:04
I agree.
Nobody sane would do this. Only confused noobs.

Ssdg wrote on the 14 Jul 08 at 15:59
Make sure: I'm not fond of this.

Warn about removing the last admin user is pure madness: It would be better.

But +1

aysiu (Brainstorm moderator) wrote on the 31 Jul 08 at 15:30
Ssdg, nothing would prevent you from removing the last user from admin through the command-line, but the GUI would not allow you.

That means the people who actually know what they're doing still have the freedom to do it, but the people who don't know what they're doing won't do it accidentally.

For a new user, unfamiliar with the command-line, there's absolutely no reason to not have at least one admin user.

DSL5 wrote on the 16 Aug 08 at 03:03
I strongly agree! I just did this and freaked out when I couldn't sudo anything! Please stop others from repeating this ridiculously stupid mistake!

kioshiki wrote on the 14 Dec 08 at 00:05
I wouldn't consider myself a noob to ubuntu but I am also no expert. I unchecked this option before I realized what it would do.

So I think for the GUI it would be useful even if its just a confirmation box to say this will happen.


Post your comment