[CHANGE PROPOSAL] The securetty file is empty by default

Stephen John Smoogen smooge at gmail.com
Wed Apr 2 23:54:59 UTC 2014


On 2 April 2014 17:15, Matthew Miller <mattdm at fedoraproject.org> wrote:

> On Wed, Apr 02, 2014 at 02:12:50PM -0400, Simo Sorce wrote:
> > How does someone express strong disagreement to this change ?
>
> Posting here is a good start. You can also add a note in the FESCo ticket
> for approval once one is filed, and if you are incredibly passionate you
> can come to the FESCo meeting (although I'm hoping we can make those
> meetings more efficient, so that's not a good place for back and forth --
> if possible we should work out the issues before the meeting).
>
>
I haven't seen a ticket listed and the wiki entry does not mention one. I
personally think it is a bad default having had to deal with this from
people who did this with the old Bastille scripts and choosing the
equivalent to SECURE EVERYTHING without knowing exactly what that did no
matter how many "Do you really want to do that?" popups. While it sounds
like a useful task, it basically requires a bad sudo file and you are now
having to use very complicated rescue steps to get back into the box (and
if you added other things.. maybe not even that.)



> > This change makes it very hard to do necessary maintenance. I can
> > understand blocking SSH login as root with password by default, but I do
> > not understand what is the point of blocking console login as root.
>
> I assume that it's for a kiosk or public (or at least managed) lab
> situation. It makes sense for that, but I'm not convinced of a benefit
> otherwise, and I don't think that situation is the default....
>
> --
> Matthew Miller    --   Fedora Project    --    <mattdm at fedoraproject.org>
>                                   "Tepid change for the somewhat better!"



-- 
Stephen J Smoogen.