user created at install added in sudoers ?

Chris Brown snecklifter at gmail.com
Wed Jun 20 08:53:21 UTC 2007


On 20/06/07, n0dalus <n0dalus+redhat at gmail.com> wrote:
>
> On 6/20/07, Chris Brown <snecklifter at gmail.com> wrote:
> >
> > [...] In my opinion (and many
> > others) this is A Good Thing(tm) and would be of benefit to the majority
> of
> > people. It would also result in a more secure Fedora which I think we
> can
> > all agree is a good thing. So lets get it debated (FESCo?) and hear some
> > arguments against because so far yours appears to be the only one and it
> > sucks.
> >
>
> In what way would it benefit a majority of users?


Please go back and read the thread for the arguments for doing this.

I could be wrong,
> but I suspect the majority of Fedora installations only have one
> administrator, in which case, sudo actually ends up making things
> _less_ secure (it provides another account by which root access can be
> cracked). The majority of Fedora setups, including many ones with just
> two or three administrators, would never have a need for revokable
> root access (which is the only real advantage sudo gives).


No, its not. It means newbies understand the concept of root better (and
don't run everything as root) and, as I have already said, I consider it
more secure as it allows me to temporarily escalate privs to run a program
requiring root in the knowledge that I can forget about having to exit the
root shell afterwards. Which is nice.

I personally don't think it's an option that needs to be in the
> installer, since in the majority of cases it is not even helpful. In
> the other few cases, the person running the installation/firstboot
> will setup (and hence know) the root password themselves, so there is
> no need for a checkbox to add themselves to sudoers.


Except for the reasons I have given above.

Sudo is only really useful in multi-administrator environments, where
> root access needs to be revokable.


Again, I don't agree.

For this case, it should be
> presented as an option in system-config-users so second and subsequent
> administrators can be set up,


That idea I _do_ like.

Regards
Chris

-- 
http://www.chruz.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20070620/742932c3/attachment.htm>


More information about the fedora-devel-list mailing list