----- Original Message ----- > > On Tue, 2014-12-09 at 05:51 -0500, Bastien Nocera wrote: > > A number of OSes default to having the first created user be the > > "Administrator", including OSX, Windows and, closer to our usage, > > Ubuntu. > > > > I don't think that defaulting to the first user being an admin is a > > problem for people installing multiple machines, as this would be > > something they would look for. I'd much rather force having an admin on > > the system and get rid of the root user as something you can log in as. > > Well, that works if-and-only-if you are dealing with a predominately > single-user machine. In the case where you are managing users in a > FreeIPA or Active Directory domain, in many cases you won't really have > a "first user" on the system. Even network-enabled logins have local admin users, such as the well-known "toor". Having a local admin that's not root would certainly be beneficial. > Now, an argument can be made for requiring that the domain policy is set > up to have appropriate admin privileges for certain users in the domain, > but that doesn't help if there's a bug in network connectivity or SSSD > that prevents that admin from being able to log in to fix things. > > So I think a strong need remains for having a real root account on > systems that are domain-enabled. So you don't want a real root account, you want a local admin with rights similar to root. -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
