Nikos Roussos wrote: > On Wed, Feb 29, 2012 at 3:56 PM, Chris Evich <cevich@xxxxxxxxxx> wrote: > >> On 02/29/2012 07:46 AM, Mark Bidewell wrote: >> >>> On Wed, Feb 29, 2012 at 7:36 AM, Emanuel Rietveld<codehotter@xxxxxxxxx>** >>> wrote: >>> >>> On 02/29/2012 01:15 PM, drago01 wrote: >>>> >>>> On Wed, Feb 29, 2012 at 1:02 PM, Neal Becker<ndbecker2@xxxxxxxxx> >>>>> wrote: >>>>> >>>>> I think he's got a point >>>>>> >>>>>> http://www.osnews.com/story/****25659/Torvalds_requiring_root_****<http://www.osnews.com/story/**25659/Torvalds_requiring_root_**> >>>>>> password_for_mundane_things_****is_quot_moronic_quot_<http://** >>>>>> www.osnews.com/story/25659/**Torvalds_requiring_root_** >>>>>> password_for_mundane_things_**is_quot_moronic_quot_<http://www.osnews.com/story/25659/Torvalds_requiring_root_password_for_mundane_things_is_quot_moronic_quot_> >>>>>> > >>>>>> >>>>>> >>>>> Yeah but last time we tried this in fedora it got "flamefested" so we >>>>> had to revert. >>>>> >>>>> >>>> Perhaps a solution is adding a group with the needed permissions and make >>>> it really easy to add an account to that group. >>>> >>>> -- >>>> devel mailing list >>>> devel@xxxxxxxxxxxxxxxxxxxxxxx >>>> https://admin.fedoraproject.****org/mailman/listinfo/devel<htt** >>>> ps://admin.fedoraproject.org/**mailman/listinfo/devel<https://admin.fedoraproject.org/mailman/listinfo/devel> >>>> > >>>> >>>> >>> +1 to this. Many tasks should not require full root permissions to >>> execute. Having a set of groups centered around tasks (install printers, >>> install software, etc.) would definitely make this simpler. This method >>> would also be arguably be more secure than sudo as processes don't run >>> with >>> root permission therefore root privileged cannot be gained by exploiting a >>> program. Another situation where having a group based security would be >>> nice is access to privileged ports. Try running JBoss as a non-root user >>> on port 80. >>> >>> >>> >> Another +1 to the groups idea. It would enable a simple convenience >> feature as well: When prompting a user for the root password to do >> something the first time, include a check-box to add the user to the proper >> group behind-the-scene (with a warning that user needs to logout/login for >> change to be effective). Maybe also include a simple management program to >> enable/disable/display allowed functionality for specific users based on >> descriptions (i.e. instead of group name - which may be meaningless to a >> n00b). Kind of like how android permissions look, but with more of a >> management focus. >> > > Why not add by default the first user created (right after installation > finishes) to administrative group and disable the root account? From my > experience (and the feedback I get from users that reach to me as an > Ambassador) most users fail to understand why they asked twice for > passwords during installation and they tend to use the same on both root > and first user password. I don't think it really matters that they use the same password for both. Only that some password is asked for to do any admin stuff. That way, a trojan can't easily trash your system. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
