2010/5/6 Paul W. Frields <stickster@xxxxxxxxx>:
> On Wed, May 05, 2010 at 02:52:15PM +0200, Lennart Poettering wrote:
>> On Wed, 05.05.10 10:22, Yaakov Nemoy (loupgaroublond@xxxxxxxxx) wrote:
>>
>> >
>> > 2010/5/4 Lennart Poettering <mzerqung@xxxxxxxxxxx>:
>> > > BTW: another reason to enable sudo by default is to unify things a
>> > > little across distributions: to my knowledge Ubuntu (and related
>> > > distros) set up sudo like that. It would be nice if folks coming from
>> > > there would have an easy path to administrating Fedora systems.
>> >
>> > I disagree with this logic. It's too much like the 'if your friends
>> > all jumped off the Brooklyn Bridge, would you do it too?' logic
>> > parents use to convince kids not to do drugs.
>>
>> Well, it might come as a surprise to some, but actually Ubuntu is not
>> just a bunch of imbeciles, and it kinda annoys me that whenever
>> something comes from or is done in Ubuntu, people say: "well, if Ubuntu
>> does it, then it is questionable because they don't know what they do
>> and their distro is only used by noobs".
>>
>> Well, that's simply bullshit.
>
> I think Yaakov said in the paragraph right after the snip above that
> he was simply not 100% convinced the implementation Ubuntu chose is
> correct, not that they were imbeciles. Yes, analogies are generally
> bad.

Thanks Paul. This is correct.

Just to be clear, I think Ubuntu's policy of giving the first user automatic sudo access is not the best way to do things. I don't mean to say that it hasn't been thought out by experts, and I definitely don't mean to say that it's insecure in any way. I will say that it doesn't educate users properly and gives users a false expectation of what good security is.

One of the tricky things about these kinds of security policies, where the most likely error you can get is E_PEBCAK, is that there is theoretically no such thing as absolute security.

When you define a security process intended to be secure, you have to take into account what the users were using beforehand to understand their expectations of the computer. If they expect things to be widely open, they will do their worst to go around a more locked down security policy, thus negating its effectiveness.

When I mention that I find Ubuntu's policy dubious, it's in connection with the idea that an Ubuntu user will eventually try out another distribution. Having a single non-root user with full access to the system via sudo isn't bad per se, but it denies you the ability to make fine-grained control without work. It's ok for desktops. I think the separation of root from the rest of the users via PolicyKit and a number of other mechanisms is far better for a wide variety of scenarios, including desktops.

Assuming the user will have a hard time discerning the real difference between Ubuntu and Fedora in practice, you need a way that the user's expectations from Ubuntu can be thrown into Fedora and vice versa. You also don't want to compromise your ability to use PolicyKit effectively. In order to accommodate these two conflicting needs, I separated this into two types of reasons the user might need root access, and at initial account creation time, a simple radio dialog can handle the two needs.

To just follow Ubuntu's direction is bad for the reason that we create an either/or situation. I'm proposing a 'both' situation.

And yes, Paul is correct; analogies are bad.

-Yaakov
--
desktop mailing list
desktop@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/desktop