2010/5/4 Lennart Poettering <mzerqung@xxxxxxxxxxx>: > BTW: another reason to enable sudo by default is to unify things a > little across distributions: to my knowledge Ubuntu (and related > distros) set up sudo like that. It would be nice if folks coming from > their would have an easy path to administrating Fedora systems. I disagree with this logic. It's too much like the 'if your friends all jumped off the brooklyn bridge, would you do it too?' logic parents use to convince kids not to do drugs. I don't want to compare Ubuntu's decisions about security to drug use, but the way you phrase it here, you make it sound like Ubuntu's setup is already the best for users out there, and i'm not 100% convinced. If there is a well defined policy that the consensus agrees is good, then i'm all in favour of seeing that implemented as widely as possible, for exactly the reasons you mention above. There's two other points to be made. Let's say we have a well defined security policy that the consensus agrees on. I'm willing to bet more than anything that having it widely deployed will negate some of the value it provides. Having multiple policies on different systems make it that much harder for malware writers to trick users into doing stupid things, and there's a certain fundamental advantage to using multiple good policies on different systems for diversity. This is assuming that multiple good policies exist. The other point is that i'm personally not convinced automatically giving sudo is the best option out there. (You can see my bias here.) I think there is a strong difference in contexts between: A) The user knows what he's doing, he owns the box, and he wants to change something relatively benign such as the date or time of the machine, install packages from good repos, something that can be handled by PolicyKit. B) The user knows what he's doing, he owns the box, and he wants to be able to change anything at will using the old tried and true administration techniques using sudo, such as changing the root password, installing packages from source and so on. These aren't judgement calls on what's better for the user to be allowed to do. There is a value though in communicating clearly that these are two seperate contexts, and having an option in the new user creation is definitely one way to communicate the difference between someone with the right SELinux context and someone in the wheel group. -Yaakov -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
