[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: user created at install added in sudoers ?



On 20/06/07, n0dalus <n0dalus+redhat gmail com> wrote:
On 6/20/07, Chris Brown <snecklifter gmail com> wrote:
>
> [...] In my opinion (and many
> others) this is A Good Thing(tm) and would be of benefit to the majority of
> people. It would also result in a more secure Fedora which I think we can
> all agree is a good thing. So lets get it debated (FESCo?) and hear some
> arguments against because so far yours appears to be the only one and it
> sucks.
>

In what way would it benefit a majority of users?

Please go back and read the thread for the arguments for doing this.

I could be wrong,
but I suspect the majority of Fedora installations only have one
administrator, in which case, sudo actually ends up making things
_less_ secure (it provides another account by which root access can be
cracked). The majority of Fedora setups, including many ones with just
two or three administrators, would never have a need for revokable
root access (which is the only real advantage sudo gives).

No, its not. It means newbies understand the concept of root better (and don't run everything as root) and, as I have already said, I consider it more secure as it allows me to temporarily escalate privs to run a program requiring root in the knowledge that I can forget about having to exit the root shell afterwards. Which is nice.

I personally don't think it's an option that needs to be in the
installer, since in the majority of cases it is not even helpful. In
the other few cases, the person running the installation/firstboot
will setup (and hence know) the root password themselves, so there is
no need for a checkbox to add themselves to sudoers.

Except for the reasons I have given above.

Sudo is only really useful in multi-administrator environments, where
root access needs to be revokable.

Again, I don't agree.

For this case, it should be
presented as an option in system-config-users so second and subsequent
administrators can be set up,

That idea I _do_ like.

Regards
Chris

--
http://www.chruz.com
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]