On Tue, 2019-11-26 at 09:45 +0100, Dominique Martinet wrote: > Adam Williamson wrote on Mon, Nov 25, 2019 at 03:55:28PM -0800: > > I gotta say +1 too. I don't buy that there's a significant 'hardening' > > benefit worth all the effort mentioned in the Change *plus* the > > additional consequences Kevin and Martin pointed out. At minimum I'd > > like to see a much more convincing case that people are creating users > > without passwords without understanding what they're doing. > > FWIW this has happened at an association I help at -- they had VMs with > no root password set, and users created by puppet some of whom have > sudo. > They just expected no root password = no login possible, but it turns > out 'su' just gave out a root shell with no password entered... Uh. This sounds odd. How exactly did they do this? Making a root account with no password is not that easy; you can't do it interactively through anaconda, I don't even know if you can do it with a kickstart. So they figured out how to do it post-install but somehow didn't at the same time figure out what doing it means? -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
