Sponsored By

Changing Ubuntu's Default Configuration

Generally, a fresh installation of Ubuntu is pretty usable out-of-the-box.  But some aspects of the default configuration seem pretty silly to me.  Here are the ones I'd change first if I were in charge of Ubuntu. File-system privileges By default, almost every file on an Ubuntu system is readable by everyone.   This means that, under a non-privileged account, I can read system configuration files that normal users have no reason to view, and which might be exploited by a malicious user to gain root access to the system.

Christopher Tozzi

February 11, 2009

4 Min Read
Changing Ubuntu's Default Configuration

Generally, a fresh installation of Ubuntu is pretty usable out-of-the-box.  But some aspects of the default configuration seem pretty silly to me.  Here are the ones I’d change first if I were in charge of Ubuntu.

File-system privileges

By default, almost every file on an Ubuntu system is readable by everyone.   This means that, under a non-privileged account, I can read system configuration files that normal users have no reason to view, and which might be exploited by a malicious user to gain root access to the system.

I can also read the personal files of other users, which is often undesirable on machines used at work or in other non-private settings.

Most other Linux distributions take a more conservative approach to read-permissions on the file system.  Ubuntu’s policy may not be a problem in most situations, but I think that configuration files containing important information about the system, as well as private user files, should not be readable by everyone unless they’re explicitly set to be.

Unencrypted Pidgin passwords

Along similar lines, instant-messaging passwords stored in Pidgin are not very secure. Someone who wants to know your password just needs to run this command as you or as root to have it returned in plain text:

grep pass /home/*/.purple/accounts.xml

This is Pidgin’s fault for storing passwords in such a silly and insecure manner, but there are workarounds that Ubuntu should implement by default.  I can’t think of any reasons for not wanting to encrypt my AIM (or MSN, Yahoo!, etc.) password, especially since every other user on the system can so easily read it given the liberal file-permission policy.

No support for proprietary media codecs

I’m all for software freedom, and I sincerely wish that all video and music files were compressed using free codecs.  But the reality is that very few are.  Besides Richard Stallman, I don’t know anyone who values freedom so much that he won’t install proprietary codecs in order to play mp3s or watch flash videos, among other things.

Instead of prompting users to download non-free codecs when they try to play a non-free media file, Ubuntu should include the decoders by default where legally possible.  Ideology aside, it’s just silly not to.

Make Broadcom wireless work out-of-the-box

The firmware for Broadcom-based wireless cards presents a similar dilemma.  Canonical won’t allow it to ship with Ubuntu because it may or may not be legal to do so, so users have to download it themselves.  If they’re lucky, a box will pop up the first time they boot Ubuntu telling them to do this, but even then, it can be tough to download firmware in order to connect to the Internet when the machine is not online in the first place.

Canonical should toughen up and just ship the firmware by default.  If Broadcom sues, the publicity for Linux would be great and Broadcom would probably lose in the end.  More importantly, many more people (since Broadcom chipsets are very popular) would have wireless Internet that ‘just works’, without having to deal with the b43-fwcutter nonsense first.

Or, better, use the open-source firmware reverse-engineered last month (when it becomes stable), which is unencumbered by legal ambiguities.

Side note: I would also say that proprietary video drivers for ATI and nVidia cards should be supported out-of-the-box, but I think the current approach–allowing users to opt for the proprietary driver via the ‘Hardware Drivers’ utility–is good enough, provided it works.  The numerous bugs with Hardware Drivers should be corrected, however, to ensure that it actually does what it’s supposed to.

Desktop effects configuration

Finally,  if I were an Ubuntu developer, I’d install the ‘CompizConfig Settings Manager’ utility by default, since it’s the only way to configure desktop effects effectively.  It’s dumb to have functionality like the cube built into Ubuntu, but only accessible through an application that users need to download themselves.  It would be less confusing to have the utilty on the system by default, at least where desktop effects are supported.

Conclusions

The dissatisfactions with the default Ubuntu configuration expressed above probably reflect my personal taste and experience more than anything else, and none of this stuff is absolutely essential.  But these represent simple, feasible changes that would make Ubuntu more useful to more people out-of-the-box.  And if it wants to beat Microsoft and Apple, Ubuntu needs to put usability before all else.

WorksWithU is updated multiple times per week. Don’t miss a single post. Sign up for our RSS and Twitter feeds (available now) and newsletter (coming in 2009).

Read more about:

AgentsMSPsVARs/SIs

About the Author(s)

Christopher Tozzi

Contributing Editor

Christopher Tozzi started covering the channel for The VAR Guy on a freelance basis in 2008, with an emphasis on open source, Linux, virtualization, SDN, containers, data storage and related topics. He also teaches history at a major university in Washington, D.C. He occasionally combines these interests by writing about the history of software. His book on this topic, “For Fun and Profit: A History of the Free and Open Source Software Revolution,” is forthcoming with MIT Press.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like