On 11/26/19 12:45 AM, Dominique Martinet wrote:
Adam Williamson wrote on Mon, Nov 25, 2019 at 03:55:28PM -0800:
I gotta say +1 too. I don't buy that there's a significant 'hardening'
benefit worth all the effort mentioned in the Change *plus* the
additional consequences Kevin and Martin pointed out. At minimum I'd
like to see a much more convincing case that people are creating users
without passwords without understanding what they're doing.
FWIW this has happened at an association I help at -- they had VMs with
no root password set, and users created by puppet some of whom have
sudo.
They just expected no root password = no login possible, but it turns
out 'su' just gave out a root shell with no password entered...
"su" or "sudo"? Your scenario is unclear.
It's easy to fix once I realized that, but it had been that way for
quite a while until then; I'd definitely support removing nullok on the
default install.
I don't think that this proposal would even help with that situation.
This is about user passwords, not root. How were those VMs created? If
you're creating users with sudo access, how can you not expect to have
root be accessible?
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
