In a move that should surprise no one, Canonical has made it considerably easier for admins to join Ubuntu desktop machines to Active Directory domains and use Group Policy to set password requirements, user access controls, and even tweak desktop environment settings (such as login screen backgrounds and required applications).
Canonical has even made it possible for the integration of a Ubuntu Desktop into an existing Active Directory domain to be an automated and effortless process, with the help of the System Security Services Daemon (SSSD).
Active Directory isn’t the only new feature that should be considered a major step forward for Canonical’s desktop. The developers have finally shifted over to the Wayland graphics server by default. This change brings considerably faster performance over its predecessor, X.org.
Finally, one long-rumored feature is the private home directory. Before 21.04, any user could view the contents of another user’s home directory (but not make changes). Now, all home directories are private, so the permissions shift from 755 to 750. This particular feature will only be implemented in clean installs and not upgrades. Making this shift is important. According to Ubuntu’s Security Tech Lead, Alex Murray, said: “…a lot of things have changed in the last 14 years, not least of which that Ubuntu has a significant customer and user-base in the public cloud and server space.” Murray continues, “For these users, there is generally 1 admin account and perhaps a number of less privileged worker accounts, and so world-readable home directories now present more like a footgun than a feature – in this case, if a worker account is compromised, an attacker could now more easily access sensitive data from the other worker accounts or the admin account.”
Download the ISO of Ubuntu Desktop 21.04 from the official Ubuntu Downloads page.