On Thu, Sep 11, 2008 at 11:31:37AM -0600, Jerry Williams wrote: > This doesn't seem very user friendly to me. > Windoz lets you login as Administrator. > > And all of the Alt Ctrl keys aren't very friendly either. > Seems like there should be a help button to tell you what they are. > > I would think that root should be allowed to login and run only the things > that a normal user can and has to enter the root password. It might be valuable to think about this in terms of a richer permission model enabled by SELinux and also the complexity of xen virtual machines... If one was designing a 'better' security model it seems important to ponder the single root account being all powerful and a structure of a mix of functional and level based permissions. For years I have disabled root login via ssh and established a short list of su and sudo ers to protect systems that I have the keys to. IMO The single most important security policy is to disable root login. SELinux policy is now at the point that I leave it on and have begun to take advantage it for small thing exposed to the wild. The number of compromised systems we read about is small but growing in numbers and sophistication as the bad guys continue to look for easy attacks to take advantage of. As we just encountered even Red Hat can find itself dealing with a breach. -- T o m M i t c h e l l Got a great hat... now what. -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
