root password required for basic troubleshooting
M. Edward (Ed) Borasky
znmeb at znmeb.net
Tue Jan 27 00:20:43 UTC 2015
On Mon, Jan 26, 2015 at 3:29 PM, Chris Murphy <lists at colorremedies.com> wrote:
> On Mon, Jan 26, 2015 at 3:23 PM, M. Edward (Ed) Borasky <znmeb at znmeb.net> wrote:
>> It's been a while since I installed openSUSE but my recollection is
>> that the default is to set the root password to the same value as the
>> user password. You can uncheck that and use another password. Also,
>> the non-root user is *not* in the 'wheel' group by default IIRC.
> That is true, the admin checkbox isn't checked by default in the
> installer, but I think gnome-initial-setup adds the user to wheel.
> g-i-s only comes up if a user wasn't created in the installer. This is
> consistent with Windows and OS X too, the first user is an admin.
>> I'd go that route - require a root password but give the user the
>> option to copy the administrator password to 'root'.
> I think this is reasonable for Workstation, but I'm also really anti
> forcing users to follow password rules for root. So as long as tying
> the first user password to root doesn't then cause ridiculous security
> theater rules to be enforced on the user, great. Again, as a point of
> reference, Windows and OS X don't have such limitations. I think it's
> fine to warn the user if their password is a dictionary word or
> whatever best practice is for warnings. I would sooner consider it
> more appropriate if the UI were to resort to name calling than
> enforcing specific password rules.
> Chris Murphy
It depends a lot on the threat model. Users don't do as much threat
modeling as they should; in the case of Windows they sorta trust
Microsoft but they also buy virus protection they don't need and fall
for scams distressingly often.
Case in point - I recently installed the Windows 10 tech preview in a
VM. In the process of using *Bing search* I accidentally enabled a
nasty piece of scareware called Vosteran. What's worse, Microsoft
seems to have recorded that in its cloud for me as an IE default - I
reformatted the hard drive and reinstalled and when I opened IE up
again, Vosteran was still there!
So I say enforce strong passwords, close *all* the ports on a
workstation (including ssh - I had some bad guy in Hong Kong trying to
get into my system recently) and teach users how to be safe. Make the
rootkit detectors available and well-documented, etc.
OSJourno: Robust Power Tools for Digital Journalists
Remember, if you're traveling to Bactria, Hump Day is Tuesday and Thursday.