On Mon, Jan 26, 2015 at 3:29 PM, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote:
> On Mon, Jan 26, 2015 at 3:23 PM, M. Edward (Ed) Borasky <znmeb@xxxxxxxxx> wrote:
>
>> It's been a while since I installed openSUSE but my recollection is
>> that the default is to set the root password to the same value as the
>> user password. You can uncheck that and use another password. Also,
>> the non-root user is *not* in the 'wheel' group by default IIRC.
>
> That is true, the admin checkbox isn't checked by default in the
> installer, but I think gnome-initial-setup adds the user to wheel.
> g-i-s only comes up if a user wasn't created in the installer. This is
> consistent with Windows and OS X too, the first user is an admin.
>
>>
>> I'd go that route - require a root password but give the user the
>> option to copy the administrator password to 'root'.
>
> I think this is reasonable for Workstation, but I'm also really anti
> forcing users to follow password rules for root. So as long as tying
> the first user password to root doesn't then cause ridiculous security
> theater rules to be enforced on the user, great. Again as point of
> reference Windows and OS X don't have such limitations. I think it's
> fine to warn the user if their password is a dictionary word or
> whatever best practices is for warnings. I would sooner consider it
> more appropriate if the UI were to resort to name calling than
> enforcing specific password rules.
>
>
> --
> Chris Murphy
> --
> desktop mailing list
> desktop@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/desktop

It depends a lot on the threat model. Users don't do as much threat
modeling as they should; in the case of Windows they sorta trust
Microsoft but they also buy virus protection they don't need and fall
for scams distressingly often.

Case in point - I recently installed the Windows 10 tech preview in a
VM. In the process of using *Bing search* I accidentally enabled a
nasty piece of scareware called Vosteran. What's worse, Microsoft seems
to have recorded that in its cloud for me as an IE default - I
reformatted the hard drive and reinstalled and when I opened IE up
again, Vosteran was still there!

So I say enforce strong passwords, close *all* the ports on a
workstation (including ssh - I had some bad guy in Hong Kong trying to
get into my system recently) and teach users how to be safe. Make the
rootkit detectors available and well-documented, etc.

--
OSJourno: Robust Power Tools for Digital Journalists
http://www.znmeb.mobi/stories/osjourno-robust-power-tools-for-digital-journalists

Remember, if you're traveling to Bactria, Hump Day is Tuesday and Thursday.