Changing Ubuntu's Default Configuration
Generally, a fresh installation of Ubuntu is pretty usable out-of-the-box. But some aspects of the default configuration seem pretty silly to me. Here are the ones I’d change first if I were in charge of Ubuntu.
File-system privileges
By default, almost every file on an Ubuntu system is readable by everyone. This means that, under a non-privileged account, I can read system configuration files that normal users have no reason to view, and which might be exploited by a malicious user to gain root access to the system.
I can also read the personal files of other users, which is often undesirable on machines used at work or in other non-private settings.
Most other Linux distributions take a more conservative approach to read-permissions on the file system. Ubuntu’s policy may not be a problem in most situations, but I think that configuration files containing important information about the system, as well as private user files, should not be readable by everyone unless they’re explicitly set to be.
Unencrypted Pidgin passwords
Along similar lines, instant-messaging passwords stored in Pidgin are not very secure. Someone who wants to know your password just needs to run this command as you or as root to have it returned in plain text:
grep pass /home/*/.purple/accounts.xml
This is Pidgin’s fault for storing passwords in such a silly and insecure manner, but there are workarounds that Ubuntu should implement by default. I can’t think of any reasons for not wanting to encrypt my AIM (or MSN, Yahoo!, etc.) password, especially since every other user on the system can so easily read it given the liberal file-permission policy.
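To check whether the two exposures described above (permissive home directories and a reachable Pidgin password file) are actually present on a machine, the audit below can be used. It is an added example, not part of the original post and not Ubuntu or Pidgin tooling; the function names, output labels and sample users are assumptions made for illustration, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit a /home-style tree for home directories other users can
# list and for Pidgin account files whose stored password they can reach.

# Succeed when the "other" permission digit of $1 has bit $2 set (4=r, 1=x).
# Relies on GNU stat, as shipped on Ubuntu.
other_has() {
    mode=$(stat -c '%a' "$1") || return 1
    last=${mode#"${mode%?}"}            # last octal digit holds the "other" bits
    [ $(( $last & $2 )) -ne 0 ]
}

# audit_homes ROOT: print one finding per line for each home under ROOT.
audit_homes() {
    for home in "$1"/*; do
        [ -d "$home" ] || continue
        if other_has "$home" 4; then echo "HOME_LISTABLE $home"; fi
        acct="$home/.purple/accounts.xml"
        [ -f "$acct" ] || continue
        # Report only files that actually hold a stored password element.
        grep -q '<password>' "$acct" 2>/dev/null || continue
        # Other users reach the file only when both parent directories are
        # traversable (x) and the file itself is readable (r) by "other".
        if other_has "$home" 1 && other_has "$home/.purple" 1 \
            && other_has "$acct" 4; then
            echo "PIDGIN_PASSWORD_EXPOSED $acct"
        else
            echo "PIDGIN_PASSWORD_OWNER_ONLY $acct"
        fi
    done
}

# Build a constructed sample tree (fake users, fake password) and print its path.
make_sample() {
    root=$(mktemp -d) || return 1
    for u in alice bob; do
        mkdir -p "$root/$u/.purple"
        printf '<account><name>%s</name><password>constructed</password></account>\n' \
            "$u" > "$root/$u/.purple/accounts.xml"
    done
    chmod 755 "$root/alice" "$root/alice/.purple"      # permissive layout
    chmod 644 "$root/alice/.purple/accounts.xml"
    chmod 700 "$root/bob" "$root/bob/.purple"          # owner-only layout
    chmod 600 "$root/bob/.purple/accounts.xml"
    echo "$root"
}

sample=$(make_sample) && audit_homes "$sample"
rm -rf "$sample"
```

On a real system, run `audit_homes /home` as root. Any home reported as listable can be tightened by its owner with `chmod 700`, which also cuts off access to an account file that is itself still world-readable.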
No support for proprietary media codecs
I’m all for software freedom, and I sincerely wish that all video and music files were compressed using free codecs. But the reality is that very few are. Besides Richard Stallman, I don’t know anyone who values freedom so much that he won’t install proprietary codecs in order to play MP3s or watch Flash videos, among other things.
Instead of prompting users to download non-free codecs when they try to play a non-free media file, Ubuntu should include the decoders by default where legally possible. Ideology aside, it’s just silly not to.
Make Broadcom wireless work out-of-the-box
The firmware for Broadcom-based wireless cards presents a similar dilemma. Canonical won’t allow it to ship with Ubuntu because it may or may not be legal to do so, so users have to download it themselves. If they’re lucky, a box will pop up the first time they boot Ubuntu telling them to do this, but even then, it can be tough to download firmware in order to connect to the Internet when the machine is not online in the first place.
Canonical should toughen up and just ship the firmware by default. If Broadcom sues, the publicity for Linux would be great and Broadcom would probably lose in the end. More importantly, many more people (since Broadcom chipsets are very popular) would have wireless Internet that ‘just works’, without having to deal with the b43-fwcutter nonsense first.
Or, better, use the open-source firmware reverse-engineered last month (when it becomes stable), which is unencumbered by legal ambiguities.
Side note: I would also say that proprietary video drivers for ATI and nVidia cards should be supported out-of-the-box, but I think the current approach–allowing users to opt for the proprietary driver via the ‘Hardware Drivers’ utility–is good enough, provided it works. The numerous bugs with Hardware Drivers should be corrected, however, to ensure that it actually does what it’s supposed to.
Desktop effects configuration
Finally, if I were an Ubuntu developer, I’d install the ‘CompizConfig Settings Manager’ utility by default, since it’s the only way to configure desktop effects effectively. It’s dumb to have functionality like the cube built into Ubuntu, but only accessible through an application that users need to download themselves. It would be less confusing to have the utility on the system by default, at least where desktop effects are supported.
Conclusions
The dissatisfactions with the default Ubuntu configuration expressed above probably reflect my personal taste and experience more than anything else, and none of this stuff is absolutely essential. But these represent simple, feasible changes that would make Ubuntu more useful to more people out-of-the-box. And if it wants to beat Microsoft and Apple, Ubuntu needs to put usability before all else.
I admit some of the file permissions in Ubuntu were a surprise. Like being able to read other users’ files. But the basic default installation is exactly that. A basic default installation. It’s not a big deal to lock other users out of your files. You don’t even need to be root to do it.
As for the configuration files. I’ve always been able to read configuration files as a normal user. I’ve never known this to be any different on other distributions.
Canonical need to respect other companies’ IP. So if they don’t have express permission to distribute a proprietary component or a component developed from reverse engineered proprietary technology then they shouldn’t do it. Broadcom are slowly realizing it makes sense to play nice with Linux. The Linux driver program is where the Broadcom issue needs to be dealt with.
If Broadcom don’t play nice then the way to deal with them is avoid systems using their technology. Building a Linux system is no different from building any other system. You need to choose compatible components.
Basic Compiz effects can be set through the Gnome System > Preferences > Appearance application. It might make some sense to include a more advanced Compiz settings manager. But then again it would make even more sense to start to consolidate the myriad of settings applications into one simple application.
Aikiwolfie – Agreed on the file permissions – most *nix systems are made so that even if you can read most system config files, without write access you can’t increase your permissions.
However, when it comes to Broadcom: from my admittedly scant knowledge of copyright law, Broadcom has copyright on the particular code they use to run their cards, but cannot have rights on every possible code that would run their card (copyright protects the expression of an idea, not the idea itself). Independently conceived code that happens to serve the same purpose is the IP of whoever created it – in this case, the devs who reverse-engineered the chip.
Broadcom’s rights include protecting any patented innovations or literal code from distribution, but not from distribution of anything that happens to work with it.
Pidgin passwords? Take it up with Pidgin. At least make mention to Epiphany since they are trying to come out with the Gnome-official Pidgin replacement.
Codecs have been argued and argued. The method for installing Flash in Firefox the first time you come across a webpage with Flash is a heck of a lot better than even Windows.
Otherwise, restricted codecs and drivers are something Ubuntu and Canonical still have to keep in consideration since they are working with a larger community than say Mint or PCLinuxOS. Notice, Mint and PCLinuxOS are not so targeted to commercial use, where the standards are stricter.
I think the current method Ubuntu is using, with Restricted Hardware Drivers detected and a “one button” push offered to install the necessary items, is the best method at this time.
If the “open-source firmware reverse-engineered last month” meets all of the legal ramifications then I would love to see Ubuntu include it on the installation CD.
Like Flash with Firefox, allow the user to choose whether to use fw-cutter or this open source one and provide the open source version on the CD in case the user cannot get onto the internet without it.
I do agree, however, that Desktop Effects configuration application should be installed by default. I didn’t even know what it was called in order to know WHAT to download in the first place, let alone then having to download and install it.
I don’t know if I’m just a lucky son of a gun, but my Broadcom wireless card has worked (out of the box) since the kernel in 8.04.1 was released. Same in 8.10.
Other than that, I tend to agree with you, Christopher. Because Ubuntu is technically a community distro, there is no reason for it not to include proprietary drivers and codecs in a base installation, like Mint.
It’s not a community distro… it’s backed up and supported by an official company with assets – that would rather be used to develop the distro, not patent trolls.
I’m just saying Broadcom are slowly coming round. It would be a shame to push them into a corner where they feel they need to protect their IP. Now at the end of the day if Broadcom don’t want to support Linux then why are Linux users supporting Broadcom?
That’s worse than paying the Microsoft tax.
Howdy,
Well, now you know someone besides Richard Stallman. I don’t install the proprietary codecs. I am grateful that Ubuntu is clean out of the box, but allows people who don’t care about freedom to install the codecs pretty easily.
Now, how about some real problems that I have to fix every time I install Ubuntu.
1. build_essentials should be included by default. A computer without a C compiler. That is just silly.
2. /boot/grub/menu.lst should have verbose instead of quiet as the default. This is essential. When a problem occurs down the line, and they will occur, the system should boot with enough information that you know what to look at.
3. Nautilus preference to always use location entry should be turned on by default. It is frequently handy to be able to cut and paste into that area.
Good day,
Ralph
On a bandwidth challenged connection during the installation (82% done) Ubuntu will hang while trying to sync up. I think they should modify that somewhat. It slows down the install time considerably for users with less available bandwidth. It really hangs sometimes! Users with slower connections are advised to unplug their connection during the install.
@Vladim:
Canonical backs ubuntu, yes, but the community also does a lot of the work. The relation between the two is quite similar to Fedora and Red Hat, at least imo.
well i do not use ubuntu, i use debian, but about misconfigurations… i wanted to convert my long time friend to gnu/linux, and everything was perfect, he bought msi wind with suse enterprise desktop, and damn that was the worst os i ever used.
this is the main problem i think.. every default linux distro (except for debian maybe) is awful! i get lost in menus, default apps are not what they should be. problem is that distributions are made by techies, and so is ubuntu, and i’m sure they would like emacs to be default text editor, not gedit or something.
as for ubuntu, i tried every release from 7.10, and 7.10 was the best release i think.
oh and i liked default pclos minime, that folder “configure your pc”, with shortcuts. i think default ubuntu must have a folder like “enter me” or something, where there will be shortcuts that will download drivers, 3d desktop configurators etc. it’s quite stupid to have a 10 sec limit for grub, a new user has no damn idea what “single user mode kernel-i369-hfyteg-wuuhuhu” is,
there are many glitches, they must be fixed, or linux will always have 0.99% market share.
sorry for long post 😛 have fun
I think Roman is on to something. I am going to create a System folder in my home directory that has symbolic links to /boot/grub/menu.lst, /etc/fstab, /etc/network/interfaces and the other most common config files in one place.
When used with the nautilus-gksu plugin I can just right click on one and open as root.