I some areas, I'm gradually getting used to linux, but in others (like this one) I'm still 99% noob. As an XP refugee, I've used Mint and am now on 18 Sarah.
I am not concerned about protecting the machine from my fat fingers, I never login as root. I am not concerned about protecting the machine from other people in my house, I trust them. I am concerned about leaving the machine on 24/7, connected to the net, visiting forums, using transmission, and being attacked from outside.
The default Mint install makes the first account a sudoer, and sudo requires the same password as the account. So with my easy to guess username, only one password is needed to mess with the machine.
While trying to setup NFS/Samba/SSH etc, I have read various (alarmist?) warnings about security. Many of the improvements involve things like squashing root, so requiring guessing two passwords instead of one before getting the ability to mess remotely with a machine. Which sounds OK.
I have discovered that putting the line 'Defaults rootpw' in sudoers makes sudo require the root password rather than the user password. This apparently improves security to needing two passwords for admin stuff.
However, there is still an account on the machine with the easy to guess name 'root' that requires only a single password to do damage.
The ubuntu argument for a disabled root account is designed to address just this shortcoming. One Ubuntu site says that if you have accidentally enabled root, to disable it again using sudo passwd -dl root.
Which sounds good, except wouldn't this then remove the root password that Defaults rootpw now requires, improving root account security but degrading the user/sudoer account back to requiring only one password?
I am reluctant to experiment with disabling root while I have Defaults rootpw set, I don't want to risk sawing off the branch that I'm sitting on, even though I have just done a full backup.
Is it the case that Mint always has an account with only a single password to guess, or is there a way to put two passwords in the way of an external attacker, as Defaults rootpw appears to do, but doesn't.