2008/10/5 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx>:
> Colin Walters wrote:
>>
>> On Sat, Oct 4, 2008 at 12:14 PM, Rahul Sundaram
>> <sundaram@xxxxxxxxxxxxxxxxx> wrote:
>>>
>>> Hi
>>>
>>> You can add the following snippet to the fedora-desktop ks file into an
>>> init script to make sudo just work for the first user. It can't be added
>>> to %post since firstboot wouldn't have launched then. Let me know what
>>> you think:
>>
>> I agree the overall concept makes sense. Some questions to consider:
>>
>> 1) Are we too far into the F10 process for this?
>
> It's a fairly simple change. You can stick it in the current ks file and do
> a compose and test or if you want me to do that and post an image for further
> testing, I can.
>
>> 2) How does this interact with the default PolicyKit configuration?
>
> PolicyKit configuration should be tweaked to accept user password like you
> said but I don't know about the details much.
>
>> 3) How do other important OS vendors use sudo, is there a chance to
>> harmonize a bit?
>> 4) Does it still make sense to have a root password (and root account)?
>
> Are you asking about disabling the root account by default? Not possible
> without Anaconda changes and at this point, I wouldn't think about anything
> major for this release at least.

I used to always lock the root account and use sudo myself, but AFAIK the system-config-* tools for example can't be set up to use sudo instead of the root password. (Debian, Ubuntu and Arch Linux, for example, use gksu for similar tools, which can be configured to use either.) Since I didn't want multiple ways to get root privileges and I still wanted to use the system-config-* tools from the menu, I had to stop using sudo. I quickly got used to using the root password, though.

I don't mind if Fedora uses sudo or a root account for getting root privileges, but I'd very much like it to be consistent.
Ubuntu does this by having every management tool support sudo and always asking for the user's password. Fedora has always asked for the root password, which I like, too.

I'm not a security expert, but I think it would be best to have just one way to get root access. One important password. Or with sudo, where I could just decide which users could run admin tools, instead of just the users who know the root password. What I wouldn't like is a mess where I would sometimes enter my own password and other times the root password, depending on the tool. If this could be avoided just by not opting in for the sudo setup during the installation, that is ok.

This ended up being a little rant-ish, but well, I think adding sudo to the default setup is not a small change and is worth being thought and planned well ahead before doing it.

--
Joonas Sarajärvi
muepsj@xxxxxxxxx