Torvalds:requiring root password for mundane things is moronic

Chris Evich cevich at redhat.com
Wed Feb 29 13:56:34 UTC 2012


On 02/29/2012 07:46 AM, Mark Bidewell wrote:
> On Wed, Feb 29, 2012 at 7:36 AM, Emanuel Rietveld <codehotter at gmail.com> wrote:
>
>> On 02/29/2012 01:15 PM, drago01 wrote:
>>
>>> On Wed, Feb 29, 2012 at 1:02 PM, Neal Becker <ndbecker2 at gmail.com> wrote:
>>>
>>>> I think he's got a point
>>>>
>>>> http://www.osnews.com/story/25659/Torvalds_requiring_root_password_for_mundane_things_is_quot_moronic_quot_
>>>>
>>>
>>> Yeah but last time we tried this in fedora it got "flamefested" so we
>>> had to revert.
>>>
>>
>> Perhaps a solution is adding a group with the needed permissions and make
>> it really easy to add an account to that group.
>>
>> --
>> devel mailing list
>> devel at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/devel
>>
>
> +1 to this.  Many tasks should not require full root permissions to
> execute. Having a set of groups centered around tasks (install printers,
> install software, etc.)  would definitely make this simpler.  This method
> would also arguably be more secure than sudo as processes don't run with
> root permission, therefore root privileges cannot be gained by exploiting a
> program.   Another situation where having group-based security would be
> nice is access to privileged ports.  Try running JBoss as a non-root user
> on port 80.
>
>

Another +1 to the groups idea.  It would enable a simple convenience
feature as well:  When prompting a user for the root password to do
something the first time, include a check-box to add the user to the
proper group behind the scenes (with a warning that the user needs to
log out/log in for the change to be effective).  Maybe also include a simple
management program to enable/disable/display allowed functionality for
specific users based on descriptions (i.e. instead of group name - which
may be meaningless to a n00b).  Kind of like how Android permissions
look, but with more of a management focus.


