[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: user created at install added in sudoers ?



On 6/19/07, Matthew Miller <mattdm mattdm org> wrote:

> While some people take the effort to use a different root password and
> keep it separate from other passwords, very few people separate their
> user account password from the myriad of other authentications, and
> they shouldn't have to. It's reasonable and sensible that people reuse
> their more trivial passwords, and for them to save their commonly used
> passwords in commonly used applications.

Yes, well, a system administrator enabled password isn't one of those
trivial passwords. I agree with your point about myriads of passwords, but
it's vital to recognize which ones are actually important. I'm not sure
encouraging horrible password practice should be a design goal.

I think that's the point I was trying to make. Normal users don't
treat their passwords as administrator passwords, they treat them as
normal user passwords. By putting them in sudoers by default you are
encouraging horrible password practice by making their normal user
passwords equivalent to administrator passwords, when most users don't
understand this or its implications.

n0dalus.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]