On Wed, 2010-11-24 at 06:23 -0800, Steve Allen wrote: > Martin Gracik <mgracik@xxxxxxxxxx> wrote: > > I see, but what if you had a user "steve" with already setup sudo access for you, instead of the root account. > > Would that make your work more unpleasant? > > In the sense that it is making extra work for me, yes. I would use the > 'steve' account to set up the root account, then delete the 'steve' account. > > > Now you have to setup root account in the installer. So you have to setup at least one user account. > > Root is a pre-existing account. All that is needed is to set a password > for it. To set up the password you need to fill in 2 text entries. Creating a new user is just 1 text entry more, your name, as the username would be suggested and filled in automatically. I don't see 1 text entry as a deal breaker. > > > The way I propose, you would still have to setup only one user, no more work on your side compared to the > > situation we have now. The user would just not be called root, but for example "steve". > > Well, it would be more work for me -- see above. Admittedly, it's a > one-time ten minute task to deal with, but multiply that by dozens of > machines... > > > Or is there some reason that you absolutely need root access? > > A significant number of people subscribe to the "log in as a user then > become root" paradigm. I don't. I consider that unnecessarily burdensome. > > I would argue that there's a significant number of people that work the > same way I do. Trying to enforce a "be user, become root" policy through > the installer isn't going to make any of us happy. I agree that there are many people doing this, but logging in as root is I believe a security risk, and I think we should encourage the users to use policies that are more secure. And also, gdm does not allow you to login as root by default. What I mean is that I don't think we should help anyone with using his system in an insecure way. You can definitely do it if you really want, but you should have to overcome some obstacles. > > In the end, that's what I object to. It feels like an attempt to enforce > a policy that I don't agree with. Let it be default to set up a local user > account. But also let it be an option to bypass that and (or in addition) > set the root password. I know how you feel, there are many policies I don't agree with too, but they are used because many people believe, that it's better that way. > > Thank you, > Steve > -- Martin Gracik <mgracik@xxxxxxxxxx> _______________________________________________ Anaconda-devel-list mailing list Anaconda-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/anaconda-devel-list
