Torvalds: requiring root password for mundane things is moronic

Neal Becker ndbecker2 at gmail.com
Wed Feb 29 19:15:18 UTC 2012


Nikos Roussos wrote:

> On Wed, Feb 29, 2012 at 3:56 PM, Chris Evich <cevich at redhat.com> wrote:
> 
>> On 02/29/2012 07:46 AM, Mark Bidewell wrote:
>>
>>> On Wed, Feb 29, 2012 at 7:36 AM, Emanuel Rietveld <codehotter at gmail.com>
>>> wrote:
>>>
>>>  On 02/29/2012 01:15 PM, drago01 wrote:
>>>>
>>>>  On Wed, Feb 29, 2012 at 1:02 PM, Neal Becker<ndbecker2 at gmail.com>
>>>>> wrote:
>>>>>
>>>>>  I think he's got a point
>>>>>>
>>>>>> http://www.osnews.com/story/25659/Torvalds_requiring_root_password_for_mundane_things_is_quot_moronic_quot_
>>>>>>
>>>>>>
>>>>> Yeah but last time we tried this in fedora it got "flamefested" so we
>>>>> had to revert.
>>>>>
>>>>>
>>>> Perhaps a solution is adding a group with the needed permissions and make
>>>> it really easy to add an account to that group.
>>>>
>>>> --
>>>> devel mailing list
>>>> devel at lists.fedoraproject.org
>>>> https://admin.fedoraproject.org/mailman/listinfo/devel
>>>>
>>>>
>>> +1 to this.  Many tasks should not require full root permissions to
>>> execute. Having a set of groups centered around tasks (install printers,
>>> install software, etc.)  would definitely make this simpler.  This method
>>> would also arguably be more secure than sudo as processes don't run
>>> with root permission, therefore root privileges cannot be gained by exploiting a
>>> program.   Another situation where having a group based security would be
>>> nice is access to privileged ports.  Try running JBoss as a non-root user
>>> on port 80.
>>>
>>>
>>>
>> Another +1 to the groups idea.  It would enable a simple convenience
>> feature as well:  When prompting a user for the root password to do
>> something the first time, include a check-box to add the user to the proper
>> group behind-the-scene (with a warning that user needs to logout/login for
>> change to be effective).  Maybe also include a simple management program to
>> enable/disable/display allowed functionality for specific users based on
>> descriptions (i.e. instead of group name - which may be meaningless to a
>> n00b).  Kind of like how android permissions look, but with more of a
>> management focus.
>>
> 
> Why not add by default the first user created (right after installation
> finishes) to administrative group and disable the root account? From my
> experience (and the feedback I get from users that reach to me as an
> Ambassador) most users fail to understand why they asked twice for
> passwords during installation and they tend to use the same on both root
> and first user password.

I don't think it really matters that they use the same password for both.  Only 
that some password is asked for to do any admin stuff.  That way, a trojan can't 
easily trash your system.


