Root login in rawhide and display managers

Richi Plana myfedora at richip.dhs.org
Thu Sep 20 12:40:50 UTC 2007


On Thu, 2007-09-20 at 08:47 +0000, "Jóhann B. Guðmundsson" wrote:
> > The *MAIN* fault with Windows is the 'user is root' situation. You want
> > that for Linux? Do you really want someone who thinks that a harddrive is
> > that 'big box on my desk that all of this stuff is connected to' to have
> > kill it in one shot abilities?
> >   
> 
> If the user is *chrooted* to his home directory and what he does cant 
> affect the system or
> other users, then hell yeah.. he should have the power to shoot himself 
> in the "foot"
> or commit otherwize user suicide...

I'm afraid I'm going to have to disagree on this one. Yes, I do agree
that users should be given the freedom to shoot themselves in the foot
IF shooting themselves in the foot is what they want. In this case,
intent matters.

I keep mentioning that the Fedora system should be made to be smart to
aid the user in achieving what he/she wants to do (and is allowed to do,
assuming there are restrictions in the institution he's in). It's not
even about being root or user privileges. Some users will want to
actually DO something (like start/stop system services, configure
printers, etc.) while some users just WANT to be root because he knows
he has a myriad of things to do requiring root privileges.
Unfortunately, the latter situation is really a remnant of the Unix way
of thinking. In truth, Administrators don't have to have root access for
everything but have gotten so used to not having to authenticate
themselves to the system as having the privilege to do what they want
whenever they try something.

So no, I don't believe in the Windows' "the user is root" philosophy,
but until out system has gotten to the point where extended privileges
can be given to the user WITHOUT HAVING TO TYPE THE ROOT PASSWORD EACH
TIME, then "the user is root" makes sense for a lot of cases (not that
I'm advocating it).

Think about it this way: let's say Fedora is installed on a computer
where only one person will use it (the owner). It's really cumbersome
having to type the root password each time certain actions have to be
performed.

I've never been a big fan of the single-tiered "root is god" idea,
anyway. It's certainly convenient for Unix users (including myself) who
know exactly what they're doing, though. At the very least, there should
be two user IDs: root and admin. admin gets power over some low to
mid-level subsystems and could even be the first local account created,
while root is root. I seem to recall that Novell (the network system)
had a more complex privilege or access list system. Not too sure about
Windows.
--

Richi Plana




More information about the fedora-devel-list mailing list