On 11/2/2009 8:26 AM, Karel Volný wrote: > >> I'd suggest that anyone who sets up a system without any user >> accounts _and_ somehow needs a GUI to configure the system >> _and_ can't manage to figure out the settings to change so >> they can login as root should probably not be pretending to >> be a competent administrator. > > I guess the last part is not correct - he *can* login as root, > but *can not* run Konqueror as root ... that's a difference > > oh, and also the original post was not about installing without > ordinary user accounts > > well, but this is not the point - the point is, that someone who > supposes he's smarter than the others just disables a possibility > for the others > > please, stop protecting other people from themselves - if they > want to risk being hurt, just let them get hurt ... > > > I've got a usecase - what about using Konqueror to configure CUPS > > what is the security difference between doing > $ su - > # konqueror localhost:631 > > and > > $ konqueror localhost:631 > <supply root password to konqueror when asked for> > > ? > > in the first case, if the attacker gets in control of Konqueror, > he can do rm -rf / directly; in the latter, he can capture root > password ... which may (or may not) be more valuable > > >> Are there not enough examples from Windows of why it's a >> terrible idea to run with full administrator privileges -- >> especially software like web browsers? > > I do not think that using Windows as an argument is worth here > > and do not forget that Konqueror is also a file browser, not just > web browser (oh, does everyone really has to do "cd /etc; vi > someconfigfile" in the text console?) You, sir, are advocating one of the major 'stupid Windows users' arguments for Linux. Run as root. The point is, I believe, that to disable root is considered a good thing. Those that disagree with that thought and wish to open their system that way are free to do so. Those that do not know *how* to do that probably should *not* do that. Makes sense to me. -- David
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
