<div class="gmail_quote">On Wed, Feb 29, 2012 at 3:56 PM, Chris Evich <span dir="ltr"><<a href="mailto:cevich@redhat.com">cevich@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On 02/29/2012 07:46 AM, Mark Bidewell wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
On Wed, Feb 29, 2012 at 7:36 AM, Emanuel Rietveld<<a href="mailto:codehotter@gmail.com" target="_blank">codehotter@gmail.com</a>><u></u>wrote:<br>
<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
On 02/29/2012 01:15 PM, drago01 wrote:<br>
<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
On Wed, Feb 29, 2012 at 1:02 PM, Neal Becker<<a href="mailto:ndbecker2@gmail.com" target="_blank">ndbecker2@gmail.com</a>> wrote:<br>
<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
I think he's got a point<br>
<br>
</div><a href="http://www.osnews.com/story/**25659/Torvalds_requiring_root_**" target="_blank">http://www.osnews.com/story/**<u></u>25659/Torvalds_requiring_root_<u></u>**</a><br>
password_for_mundane_things_**<u></u>is_quot_moronic_quot_<<a href="http://www.osnews.com/story/25659/Torvalds_requiring_root_password_for_mundane_things_is_quot_moronic_quot_" target="_blank">http://<u></u>www.osnews.com/story/25659/<u></u>Torvalds_requiring_root_<u></u>password_for_mundane_things_<u></u>is_quot_moronic_quot_</a>><br>
<br>
</blockquote><div class="im">
<br>
Yeah but last time we tried this in fedora it got "flamefested" so we<br>
had to revert.<br>
<br>
</div></blockquote><div class="im">
<br>
Perhaps a solution is adding a group with the needed permissions and make<br>
it really easy to add an account to that group.<br>
<br>
--<br>
devel mailing list<br>
<a href="mailto:devel@lists.fedoraproject.org" target="_blank">devel@lists.fedoraproject.org</a><br>
</div><a href="https://admin.fedoraproject." target="_blank">https://admin.fedoraproject.</a>**<u></u>org/mailman/listinfo/devel<<a href="https://admin.fedoraproject.org/mailman/listinfo/devel" target="_blank">htt<u></u>ps://admin.fedoraproject.org/<u></u>mailman/listinfo/devel</a>><br>
<br>
</blockquote><div class="im">
<br>
+1 to this. Many tasks should not require full root permissions to<br>
execute. Having a set of groups centered around tasks (install printers,<br>
install software, etc.) would definitely make this simpler. This method<br>
would also be arguably be more secure than sudo as processes don't run with<br>
root permission therefore root privileged cannot be gained by exploiting a<br>
program. Another situation where having a group based security would be<br>
nice is access to privileged ports. Try running JBoss as a non-root user<br>
on port 80.<br>
<br>
<br>
</div></blockquote>
<br>
Another +1 to the groups idea. It would enable a simple convenience feature as well: When prompting a user for the root password to do something the first time, include a check-box to add the user to the proper group behind-the-scene (with a warning that user needs to logout/login for change to be effective). Maybe also include a simple management program to enable/disable/display allowed functionality for specific users based on descriptions (i.e. instead of group name - which may be meaningless to a n00b). Kind of like how android permissions look, but with more of a management focus.<br>
</blockquote><div><br>Why not add by default the first user created (right after installation finishes) to administrative group and disable the root account? From my experience (and the feedback I get from users that reach to me as an Ambassador) most users fail to understand why they asked twice for passwords during installation and they tend to use the same on both root and first user password.<br>
</div></div>