[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



On 11/18/2009 12:45 PM, Bastien Nocera wrote:
On Wed, 2009-11-18 at 18:08 +0100, nodata wrote:
Yikes! When was it decided that non-root users get to play root?

Ref:
   https://bugzilla.redhat.com/show_bug.cgi?id=534047

This is horrible!

Seems fair as the default for a desktop installation.

Once we get the new user management stuff into F13 [1], we'd probably
tighten that rule so that only admins are given the option, or all users
but with the need to authenticate as an admin.

No, the sane security answer is to least privileges as-is (require root) until your "new user management stuff" is ready.

Re-read your own post, and realize you proposed:

	FC1+: secure
	F12: insecure
	F13+ secure again

This is a hugely inconsistent security policy, a special case that administrators must un-learn and re-learn as they go through Fedora versions.

	Jeff



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]