Dear List,
I am a curious member of this list and an ordinary user of Linux ; so excuse me for breaking into a learned debate.I want to give a perspective of my end,following the threads between Havoc, Matthew and David.
I use Fedora at home and office. Nowhere I can have the support of learned linux experts at my beck and call; Also, I have installed the OS and created root and other users. All passwords are available with me.Working as a user,by the number of times I have to invoke 'root',I wonder why I should not be working as root itself ?.
By the discussions I have seen here and elsewhere, it appears most linux experts and creators are basically contemptous of such a user as me. I am sane, responsible and intelligent, but just not a linux expert. I have my job and I want computer to be an unhindering aid and a provider of entertainment.Why should I be required to know the intricacies of the OS ? When the CD is locked and unmountable, unejectable; profound sermons on the security aspects of linux hardly makes sense.
While completely respecting the concerns of security and stability; borderlines of zones and the security matrix can always be redefined and redesigned if you know exactly what you want to give the end user.OS and programs like shirts and pants need to be tailored to users.
I am a devoted user of Linux and Fedora. But what a stupid it makes of me! Without the root password I just cannot imagine keeping this box running and making any use of it.In a regulated office environment(unlike mine)where I wouldn't be having the root password, I do not think I will be able to use it with any amount of ease.In contrast, much maligned Windows pampers me!So nice and considerate of my needs with all it's flaws and weaknesses.Without the root password and a great deal of 'googli'ng and 'maillist'ng, I couldnot have sustained Linux on this box. Again,compare this with Windows.
When will Linux and Fedora learn to respect me and users like me or will it at all? Answer to that will be the key to whether it can really compete with MS
Parameshwara Bhat
On Fri, 4 Mar 2005 12:00:18 -0500 (EST), <fedora-desktop-list-request@xxxxxxxxxx> wrote:
Send submissions to fedora-desktop-list@xxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit http://www.redhat.com/mailman/listinfo/fedora-desktop-list or, via email, send a message with subject or body 'help' to fedora-desktop-list-request@xxxxxxxxxx
You can reach the person managing the list at fedora-desktop-list-owner@xxxxxxxxxx
When replying, please edit your Subject line so it is more specific than "Re: Contents of Fedora-desktop-list digest..."
Today's Topics:
1. Re: Make consolehelper more liske sudo? (Havoc Pennington) 2. Re: Make consolehelper more liske sudo? (Matthew Miller) 3. Re: Make consolehelper more liske sudo? (Matthew Miller) 4. Re: Make consolehelper more liske sudo? (David Zeuthen) 5. Re: Make consolehelper more liske sudo? (Matthew Miller) 6. Re: Make consolehelper more liske sudo? (Havoc Pennington) 7. Re: Make consolehelper more liske sudo? (Havoc Pennington) 8. Re: Make consolehelper more liske sudo? (Eric Warnke) 9. Re: Make consolehelper more liske sudo? (Matthew Miller) 10. Re: Make consolehelper more liske sudo? (David Zeuthen) 11. Re: Make consolehelper more liske sudo? (Matthew Miller) 12. Re: Make consolehelper more liske sudo? (Havoc Pennington)
----------------------------------------------------------------------
Message: 1 Date: Thu, 03 Mar 2005 14:34:51 -0500 From: Havoc Pennington <hp@xxxxxxxxxx> Subject: Re: Make consolehelper more liske sudo? To: Discussions about development for the Fedora desktop <fedora-desktop-list@xxxxxxxxxx> Message-ID: <1109878491.21167.15.camel@xxxxxxxxxxxxxxxxxxxxx> Content-Type: text/plain
On Wed, 2005-03-02 at 10:08 -0500, Eric Warnke wrote:Hello all,
I have unsucessfully been attempting to find out through both documentation, testing, and internet sources if I can get consolehelper to act more like sudo rather than su. Right now my problem is that there is NO WAY to roll this out to more users as a desktop alternative without giving them some power user ability ( printers, date and time, removable storage managment, ... ). Right now in order to give them access to these applications AFAICT I must either give the users the root password ( not gonna happen ) or create a pam.d file so that there is no password prompt ( pam_wheel with trust option ). Neither of these is a truly acceptable option at this point.
Any change should try to keep the system as close to baseline as possible, I would prefer not to rip out the consolehelper system, but I will if I have to. The featureset I want is identical to sudo, but I will make accomidations as long as I can allow users to run a specific command after prompting for the users password.
You can probably just set things up with sudo... I'm not sure how involved that is.
I do think consolehelper knows how to require user password instead of root password though. You may have more luck finding help with this on fedora-list or IRC than on this list. I'm not sure of the syntax myself but I'm pretty sure you want to edit the /etc/pam.d files.
All this "end user desktop" stuff that requires root I consider a bug btw, if you want to file a bugzilla for the individual items that would be helpful. If you get NOTABUG/WONTFIX from someone at Red Hat let me know and I'll tell them they are wrong.
Havoc
------------------------------
Message: 2 Date: Thu, 3 Mar 2005 14:56:20 -0500 From: Matthew Miller <mattdm@xxxxxxxxxx> Subject: Re: Make consolehelper more liske sudo? To: Discussions about development for the Fedora desktop <fedora-desktop-list@xxxxxxxxxx> Message-ID: <20050303195620.GA15219@xxxxxxxxxxxxx> Content-Type: text/plain; charset=us-ascii
On Wed, Mar 02, 2005 at 10:08:07AM -0500, Eric Warnke wrote:I have unsucessfully been attempting to find out through both documentation, testing, and internet sources if I can get consolehelper to act more like sudo rather than su. Right now my problem is that there is NO WAY to roll this out to more users as a desktop alternative without giving them some power user ability ( printers, date and time,
This may help. As of Fedora Core 3, the "UGROUPS" patch is in usermode. From
the userhelper man page:
UGROUPS A comma-separated list of groups whose members will be authen- ticated as if USER were set to the special value <user>. If the invoking user is not a member of one of these groups, the name defined in USER will be used as normal. For example, setting UGROUPS to wheel and USER to root allows members of wheel (tra- ditionally used for administrative privileges) to authenticate with their own credentials and requires other users to provide the root password.
So, for example, if /etc/security/console.apps/system-config-users looks like this:
USER=root PROGRAM=/usr/share/system-config-users/system-config-users SESSION=true UGROUPS=wheel
members of the wheel group will be able to authenticate with their own passwords, and others will need the root password.
We've made this the default for all of the system-config-* apps here at BU
for several years with good results; it might be nice to also make it the
default in future versions of Fedora. (Although this is a pretty big default
security policy change, it *is* basically the traditional meaning of the
"wheel" group.)
Caveat: I just noticed that the little "keys" gnome-panel icon doesn't work
with this, and I'm trying to figure out what should be done about that.
-- Using Opera's revolutionary e-mail client: http://www.opera.com/m2/
-- Fedora-desktop-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-desktop-list
