Default sudo setup (Was: Re: The Future of Fedora.)

Michael K. Johnson johnsonm at redhat.com
Thu Dec 11 03:00:50 UTC 2003


On Thu, Dec 11, 2003 at 03:16:44AM +0100, Emmanuel Seyman wrote:
> On Wed, Dec 10, 2003 at 11:16:00AM -0500, Michael K. Johnson wrote:
> > 
> > I think we'd want to do things differently -- using the wheel group
> > instead of inventing another group, having a root password by default,
> 
> Putting a default root password sounds like an EXTREMELY bad idea, IMHO.

No, no, no.  Not a particular default root password.  Please re-read
what I wrote carefully (I expect this is a case of "lost in translation").
The point is that we don't want to lock out the root account by default;
we still want to tell the user to provide a root password as part of the
installation process.

> I had the idea of allowing a group of people (the wheel group sounds fine)
> to ssh to the root account through the localhost interface without typing
> in a password (I don't really care how you do this as long as it's secure).

This is not hard to do but it makes these accounts exactly equivalent to
root and should not be set up by default.  I'm not going to describe how
to do it because I think that (at least without a strong SELinux security
policy, which makes the point basically moot) it's foolish to do.

michaelkjohnson

 "He that composes himself is wiser than he that composes a book."
 Linux Application Development                     -- Ben Franklin
 http://people.redhat.com/johnsonm/lad/




