[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: User Experience improvements for Anaconda

On Wed, 2010-11-24 at 06:23 -0800, Steve Allen wrote:
> Martin Gracik <mgracik redhat com> wrote:
> > I see, but what if you had a user "steve" with already setup sudo access for you, instead of the root account.
> > Would that make your work more unpleasant?
> In the sense that it is making extra work for me, yes.  I would use the
> 'steve' account to set up the root account, then delete the 'steve' account.
> > Now you have to setup root account in the installer. So you have to setup at least one user account.
> Root is a pre-existing account.  All that is needed is to set a password
> for it.

To set up the password you need to fill in 2 text entries. Creating a
new user is just 1 text entry more, your name, as the username would be
suggested and filled in automatically. I don't see 1 text entry as a
deal breaker.

> > The way I propose, you would still have to setup only one user, no more work on your side compared to the
> > situation we have now. The user would just not be called root, but for example "steve".
> Well, it would be more work for me -- see above.  Admittedly, it's a
> one-time ten minute task to deal with, but multiply that by dozens of
> machines...
> > Or is there some reason that you absolutely need root access?
> A significant number of people subscribe to the "log in as a user then
> become root" paradigm.  I don't.  I consider that unnecessarily burdensome.
> I would argue that there's a significant number of people that work the
> same way I do.  Trying to enforce a "be user, become root" policy through
> the installer isn't going to make any of us happy.

I agree that there are many people doing this, but logging in as root is
I believe a security risk, and I think we should encourage the users to
use policies that are more secure. And also, gdm does not allow you to
login as root by default.

What I mean is that I don't think we should help anyone with using his
system in an insecure way. You can definitely do it if you really want,
but you should have to overcome some obstacles.

> In the end, that's what I object to.  It feels like an attempt to enforce
> a policy that I don't agree with.  Let it be default to set up a local user
> account.  But also let it be an option to bypass that and (or in addition)
> set the root password.

I know how you feel, there are many policies I don't agree with too, but
they are used because many people believe, that it's better that way.

> Thank you,
> Steve

Martin Gracik <mgracik redhat com>

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]