On 1/8/06, Michael A. Peters <mpeters@xxxxxxx> wrote: > On Sun, 2006-01-08 at 13:21 +1030, n0dalus wrote: > > > > > I think the current system is fine as it is -- I don't see why some > > people are so keen on removing the root password. > > If I were modifying Fedora for desktop users (and I don't think this is > a safe general default - but if say I was Dell or someone selling Linux > for the Desktop based on Fedora) - I would make the following change - > > I would make an option to add the firstboot user to the wheel group. > The gui sysconfig-* tools (with perhaps a few exceptions) - if the tool > is requested by the pam_console user AND the user is a member of the > wheel group, that would be sufficient authentication to run the tool > without root password. > > I would not do it for the user administration tool, however - I would > still require root password to manage system users. But sound card > detection, network device configuration, Printing, etc. - that's how I > would do it. It doesn't require use of sudo, or use of the command line > at all. > Perhaps a better option, while it might require a lot of development, is to let users do more things without touching the actual system (or it could be handled by a daemon). Things like Printing, network device configuration, sound cards, system language settings etc might all be changeable on a per-user basis (with some restrictions) without you having to run anything with higher-privileges. For example, using system-config-language would change the Language for the current user only -- other users are not affected by the change. My non-English speaking friends could easily have an account on my computer and set their own language with a graphical tool, without me changing the language for the entire system (this is probably possible already, but I don't know how.) There could be a tickbox to set the default language for all users, and it would ask you for the root password before proceeding. Moving more settings and even some drivers into non-root userspace allows for better management without needing to have users enter the root password. I know this would all involve a lot of work and might introduce problems, but I think parts of Linux are heading this way already. n0dalus. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
