Torvalds:requiring root password for mundane things is moronic

[Chris Adams]

Once upon a time, M A Young <m.a.young at durham.ac.uk> said:
> >From what I remember permissions were opened up without making it clear 
> this was happening and without an easy way of putting them back, which 
> made things very difficult if you had good reasons for the permissions 
> being locked down. The flamefest was at least in part because things were 
> done badly, leading to the "Fedora introduces security holes" type of 
> headline.

Yes, that was more-or-less what happened.  People realized that the
system time could be changed by any desktop user, and that the time is a
pretty critical thing for security (cron jobs, logging, time-of-day
access, etc.).  The change had not been documented anywhere and was the
default.

> I think the right way to do it is for things to be secure by default, but 
> with easy tools to relax security where appropriate (which could include 
> options to do this during install).

IMHO the defaults in the standard packages should be strict, and then
desktop spins could add additional PK configs to loosen up where desired
(with docs to match).  This would have the added advantages of making it
more obvious what was loosened up as well as giving examples on how to
customize things.

I will agree that some of the defaults are annoying though; somehow my
system (possibly through my own uninformed configuration) prompts me for
passwords three times when trying to add a printer (once to turn off
blocking in the firewall when I'm not even running a firewall, once to
load printer info, and then once to actually add a printer).
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.