On Fri, May 24, 2013 at 5:20 PM, Matthew Miller
<mattdm@fedoraproject.org> wrote:
> On Fri, May 24, 2013 at 10:57:29AM -0400, seth vidal wrote:
>> How about we do-away with the 'faux user which is and is not root even
>> though they are a trivial unpassworded sudo away' security theater that
>> amazon and ubuntu have been peddling for years now.
>>
>> I mean seriously - it's meaningless - let's stop pretending.
>
> I don't see it as a security feature (for the obvious reasons you give).
>
> It's more like the blade cover on a lawn mower. Sure, that's not locked and
> you can easily remove it, but a large amount of normal operation -- even
> sysadmin work! -- doesn't require you to stick your fingers in there.
>
> By not requiring a password, there's an easy-quick-release lock, and hey,I agree with Matt. Security wise it doesn't make a lot of sense. But
> you can always 'sudo su -' if you want to mow the grass without the cover.
> But it's still good practice to leave the cover on when you don't actually
> need to adjust something or fix a problem.
>
> We're not forcing that practice on anyone (you can disable the creation of
> the user in user-data, and I even include a snippet to just use root in the
> cloud-ks file), but I think it's a good default.
>
> That Ubuntu and Amazon do a similar thing just makes it easier.
it protects the casual user from shooting himself in the foot. What's
the downside?
...Juerg
>
>
> --
> Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@fedoraproject.org>
> _______________________________________________
> cloud mailing list
> cloud@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/cloud
_______________________________________________
cloud mailing list
cloud@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/cloud