Torvalds: requiring root password for mundane things is moronic
Neal Becker
ndbecker2 at gmail.com
Wed Feb 29 19:15:18 UTC 2012
Nikos Roussos wrote:
> On Wed, Feb 29, 2012 at 3:56 PM, Chris Evich <cevich at redhat.com> wrote:
>
>> On 02/29/2012 07:46 AM, Mark Bidewell wrote:
>>
>>> On Wed, Feb 29, 2012 at 7:36 AM, Emanuel Rietveld <codehotter at gmail.com>
>>> wrote:
>>>
>>> On 02/29/2012 01:15 PM, drago01 wrote:
>>>>
>>>> On Wed, Feb 29, 2012 at 1:02 PM, Neal Becker<ndbecker2 at gmail.com>
>>>>> wrote:
>>>>>
>>>>> I think he's got a point
>>>>>>
>>>>>>
>>>>>> http://www.osnews.com/story/25659/Torvalds_requiring_root_password_for_mundane_things_is_quot_moronic_quot_
>>>>>>
>>>>>>
>>>>> Yeah but last time we tried this in fedora it got "flamefested" so we
>>>>> had to revert.
>>>>>
>>>>>
>>>> Perhaps a solution is adding a group with the needed permissions and make
>>>> it really easy to add an account to that group.
>>>>
>>>> --
>>>> devel mailing list
>>>> devel at lists.fedoraproject.org
>>>> https://admin.fedoraproject.org/mailman/listinfo/devel
>>>>
>>>>
>>> +1 to this. Many tasks should not require full root permissions to
>>> execute. Having a set of groups centered around tasks (install printers,
>>> install software, etc.) would definitely make this simpler. This method
>>> would also arguably be more secure than sudo as processes don't run
>>> with root permission, therefore root privileges cannot be gained by
>>> exploiting a
>>> program. Another situation where having a group based security would be
>>> nice is access to privileged ports. Try running JBoss as a non-root user
>>> on port 80.
>>>
>>>
>>>
>> Another +1 to the groups idea. It would enable a simple convenience
>> feature as well: When prompting a user for the root password to do
>> something the first time, include a check-box to add the user to the proper
>> group behind-the-scene (with a warning that user needs to logout/login for
>> change to be effective). Maybe also include a simple management program to
>> enable/disable/display allowed functionality for specific users based on
>> descriptions (i.e. instead of group name - which may be meaningless to a
>> n00b). Kind of like how android permissions look, but with more of a
>> management focus.
>>
>
> Why not add by default the first user created (right after installation
> finishes) to administrative group and disable the root account? From my
> experience (and the feedback I get from users that reach out to me as an
> Ambassador) most users fail to understand why they are asked twice for
> passwords during installation and they tend to use the same on both root
> and first user password.
I don't think it really matters that they use the same password for both. Only
that some password is asked for to do any admin stuff. That way, a trojan can't
easily trash your system.