Re: user created at install added in sudoers ?

[n0dalus <n0dalus+redhat gmail com>]

On 6/19/07, Matthew Miller <mattdm mattdm org> wrote:
> > While some people take the effort to use a different root password and
> > keep it separate from other passwords, very few people separate their
> > user account password from the myriad of other authentications, and
> > they shouldn't have to. It's reasonable and sensible that people reuse
> > their more trivial passwords, and for them to save their commonly used
> > passwords in commonly used applications.
>
> Yes, well, a system administrator enabled password isn't one of those
> trivial passwords. I agree with your point about myriads of passwords, but
> it's vital to recognize which ones are actually important. I'm not sure
> encouraging horrible password practice should be a design goal.

I think that's the point I was trying to make. Normal users don't
treat their passwords as administrator passwords, they treat them as
normal user passwords. By putting them in sudoers by default you are
encouraging horrible password practice by making their normal user
passwords equivalent to administrator passwords, when most users don't
understand this or its implications.

n0dalus.