[CHANGE PROPOSAL] The securetty file is empty by default

Simo Sorce simo at redhat.com
Thu Apr 3 13:06:31 UTC 2014

On Wed, 2014-04-02 at 19:15 -0400, Matthew Miller wrote:
> On Wed, Apr 02, 2014 at 02:12:50PM -0400, Simo Sorce wrote:
> > How does someone express strong disagreement to this change ?
> Posting here is a good start. You can also add a note in the FESCo ticket
> for approval once one is filed, and if you are incredibly passionate you can
> come to the FESCo meeting (although I'm hoping we can make those meetings
> more efficient, so that's not a good place for back and forth -- if possible
> we should work out the issues before the meeting).

Ticket number ?

> > This change makes it very hard to do necessary maintenance. I can
> > understand blocking SSH login as root with password by default, but I do
> > not understand what is the point of blocking console login as root.
> I assume that it's for a kiosk or public (or at least managed) lab
> situation. It makes sense for that, but I'm not convinced of a benefit
> otherwise, and I don't think that situation is the default....

I am not even sure it makes sense in a kiosk, unless people want to use
"password" as their root password. But even if it made sense in that
situation it is far from being a useful *default*. This kind of severely
restricting measure is best left to hardening manuals.


Simo Sorce * Red Hat, Inc * New York

More information about the devel mailing list