sudo by default?

Yaakov Nemoy loupgaroublond at gmail.com
Wed May 5 08:22:01 UTC 2010


2010/5/4 Lennart Poettering <mzerqung at 0pointer.de>:
> BTW: another reason to enable sudo by default is to unify things a
> little across distributions: to my knowledge Ubuntu (and related
> distros) set up sudo like that. It would be nice if folks coming from
> there would have an easy path to administrating Fedora systems.

I disagree with this logic. It's too much like the 'if your friends
all jumped off the Brooklyn Bridge, would you do it too?' logic
parents use to convince kids not to do drugs.

I don't want to compare Ubuntu's decisions about security to drug use,
but the way you phrase it here, you make it sound like Ubuntu's setup
is already the best for users out there, and I'm not 100% convinced.
If there is a well defined policy that the consensus agrees is good,
then I'm all in favour of seeing that implemented as widely as
possible, for exactly the reasons you mention above.

There are two other points to be made. Let's say we have a well defined
security policy that the consensus agrees on. I'm willing to bet more
than anything that having it widely deployed will negate some of the
value it provides. Having multiple policies on different systems makes
it that much harder for malware writers to trick users into doing
stupid things, and there's a certain fundamental advantage to using
multiple good policies on different systems for diversity. This is
assuming that multiple good policies exist.

The other point is that I'm personally not convinced automatically
giving sudo is the best option out there. (You can see my bias here.)
I think there is a strong difference in contexts between:

A) The user knows what he's doing, he owns the box, and he wants to
change something relatively benign such as the date or time of the
machine, install packages from good repos, something that can be
handled by PolicyKit.

B) The user knows what he's doing, he owns the box, and he wants to be
able to change anything at will using the old tried and true
administration techniques using sudo, such as changing the root
password, installing packages from source and so on.

These aren't judgement calls on what's better for the user to be
allowed to do. There is a value though in communicating clearly that
these are two separate contexts, and having an option in the new user
creation is definitely one way to communicate the difference between
someone with the right SELinux context and someone in the wheel group.

-Yaakov

