Thoughts about Fedora 21 Desktop
Bastien Nocera
bnocera at redhat.com
Tue Dec 9 13:38:47 UTC 2014
----- Original Message -----
>
> On Tue, 2014-12-09 at 05:51 -0500, Bastien Nocera wrote:
> > A number of OSes default to having the first created user be the
> > "Administrator", including OSX, Windows and, closer to our usage,
> > Ubuntu.
> >
> > I don't think that defaulting to the first user being an admin is a
> > problem for people installing multiple machines, as this would be
> > something they would look for. I'd much rather force having an admin on
> > the system and get rid of the root user as something you can log in as.
>
> Well, that works if-and-only-if you are dealing with a predominately
> single-user machine. In the case where you are managing users in a
> FreeIPA or Active Directory domain, in many cases you won't really have
> a "first user" on the system.
Even network-enabled logins have local admin users, such as the well-known "toor".
Having a local admin that's not root would certainly be beneficial.
> Now, an argument can be made for requiring that the domain policy is set
> up to have appropriate admin privileges for certain users in the domain,
> but that doesn't help if there's a bug in network connectivity or SSSD
> that prevents that admin from being able to log in to fix things.
>
> So I think a strong need remains for having a real root account on
> systems that are domain-enabled.
So you don't want a real root account, you want a local admin with rights
similar to root.
More information about the desktop
mailing list