On 5/17/19 5:23 AM, Stephen Gallagher wrote:
...snip...
PLEASE I AM NOT SUBSCRIBING THIS THREAD AND ALL FEDORA ANYMORE IAM NOT IN GSOC I DO NOT WANT THESE MAILS PLASE !!!!!!!!!!!!!!!!!!!!!!!!!!!
> 3) Force Anaconda to require the creation of a non-root user that is a
> member of the `wheel` group, so that this user can be used to SSH in
> and administer the system. Essentially, remove the root user creation
> spoke as an option from the interactive install.
So, this is basically the old cloud-init makes a user that can sudo to
root thing. Can anyone explain in small words how this is more secure?
I mean, in this case the attacker would need to guess the username in
addition to the password (where in the cloud cause this is known), but
otherwise why not just keep root password access ?
I always found that cloud default anoying and useless and haven't yet
seen a good argument to not do it.
kevin
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org