An ordinary user's perspective of Linux (was Re: Make consolehelper more liske sudo?)
Parameshwara Bhat
pbhat at ongc.net
Sat Mar 5 13:52:52 UTC 2005
Dear List,
I am a curious member of this list and an ordinary user of Linux ; so
excuse me for breaking into a learned debate.I want to give a perspective
of my end,following the threads between Havoc, Matthew and David.
I use Fedora at home and office. Nowhere I can have the support of learned
linux experts at my beck and call; Also, I have installed the OS and
created root and other users. All passwords are available with me.Working
as a user,by the number of times I have to invoke 'root',I wonder why I
should not be working as root itself ?.
By the discussions I have seen here and elsewhere, it appears most linux
experts and creators are basically contemptous of such a user as me. I am
sane, responsible and intelligent, but just not a linux expert. I have my
job and I want computer to be an unhindering aid and a provider of
entertainment.Why should I be required to know the intricacies of the OS ?
When the CD is locked and unmountable, unejectable; profound sermons on
the security aspects of linux hardly makes sense.
While completely respecting the concerns of security and stability;
borderlines of zones and the security matrix can always be redefined and
redesigned if you know exactly what you want to give the end user.OS and
programs like shirts and pants need to be tailored to users.
I am a devoted user of Linux and Fedora. But what a stupid it makes of me!
Without the root password I just cannot imagine keeping this box running
and making any use of it.In a regulated office environment(unlike
mine)where I wouldn't be having the root password, I do not think I will
be able to use it with any amount of ease.In contrast, much maligned
Windows pampers me!So nice and considerate of my needs with all it's flaws
and weaknesses.Without the root password and a great deal of 'googli'ng
and 'maillist'ng, I couldnot have sustained Linux on this box.
Again,compare this with Windows.
When will Linux and Fedora learn to respect me and users like me or will
it at all? Answer to that will be the key to whether it can really compete
with MS
Parameshwara Bhat
On Fri, 4 Mar 2005 12:00:18 -0500 (EST),
<fedora-desktop-list-request at redhat.com> wrote:
> Send Fedora-desktop-list mailing list submissions to
> fedora-desktop-list at redhat.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://www.redhat.com/mailman/listinfo/fedora-desktop-list
> or, via email, send a message with subject or body 'help' to
> fedora-desktop-list-request at redhat.com
>
> You can reach the person managing the list at
> fedora-desktop-list-owner at redhat.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Fedora-desktop-list digest..."
>
>
> Today's Topics:
>
> 1. Re: Make consolehelper more liske sudo? (Havoc Pennington)
> 2. Re: Make consolehelper more liske sudo? (Matthew Miller)
> 3. Re: Make consolehelper more liske sudo? (Matthew Miller)
> 4. Re: Make consolehelper more liske sudo? (David Zeuthen)
> 5. Re: Make consolehelper more liske sudo? (Matthew Miller)
> 6. Re: Make consolehelper more liske sudo? (Havoc Pennington)
> 7. Re: Make consolehelper more liske sudo? (Havoc Pennington)
> 8. Re: Make consolehelper more liske sudo? (Eric Warnke)
> 9. Re: Make consolehelper more liske sudo? (Matthew Miller)
> 10. Re: Make consolehelper more liske sudo? (David Zeuthen)
> 11. Re: Make consolehelper more liske sudo? (Matthew Miller)
> 12. Re: Make consolehelper more liske sudo? (Havoc Pennington)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 03 Mar 2005 14:34:51 -0500
> From: Havoc Pennington <hp at redhat.com>
> Subject: Re: Make consolehelper more liske sudo?
> To: Discussions about development for the Fedora desktop
> <fedora-desktop-list at redhat.com>
> Message-ID: <1109878491.21167.15.camel at localhost.localdomain>
> Content-Type: text/plain
>
> On Wed, 2005-03-02 at 10:08 -0500, Eric Warnke wrote:
>> Hello all,
>>
>> I have unsucessfully been attempting to find out through both
>> documentation, testing, and internet sources if I can get consolehelper
>> to act more like sudo rather than su. Right now my problem is that
>> there is NO WAY to roll this out to more users as a desktop alternative
>> without giving them some power user ability ( printers, date and time,
>> removable storage managment, ... ). Right now in order to give them
>> access to these applications AFAICT I must either give the users the
>> root password ( not gonna happen ) or create a pam.d file so that there
>> is no password prompt ( pam_wheel with trust option ). Neither of these
>> is a truly acceptable option at this point.
>>
>> Any change should try to keep the system as close to baseline as
>> possible, I would prefer not to rip out the consolehelper system, but I
>> will if I have to. The featureset I want is identical to sudo, but I
>> will make accomidations as long as I can allow users to run a specific
>> command after prompting for the users password.
>
> You can probably just set things up with sudo... I'm not sure how
> involved that is.
>
> I do think consolehelper knows how to require user password instead of
> root password though. You may have more luck finding help with this on
> fedora-list or IRC than on this list. I'm not sure of the syntax myself
> but I'm pretty sure you want to edit the /etc/pam.d files.
>
> All this "end user desktop" stuff that requires root I consider a bug
> btw, if you want to file a bugzilla for the individual items that would
> be helpful. If you get NOTABUG/WONTFIX from someone at Red Hat let me
> know and I'll tell them they are wrong.
>
> Havoc
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 3 Mar 2005 14:56:20 -0500
> From: Matthew Miller <mattdm at mattdm.org>
> Subject: Re: Make consolehelper more liske sudo?
> To: Discussions about development for the Fedora desktop
> <fedora-desktop-list at redhat.com>
> Message-ID: <20050303195620.GA15219 at jadzia.bu.edu>
> Content-Type: text/plain; charset=us-ascii
>
> On Wed, Mar 02, 2005 at 10:08:07AM -0500, Eric Warnke wrote:
>> I have unsucessfully been attempting to find out through both
>> documentation, testing, and internet sources if I can get consolehelper
>> to act more like sudo rather than su. Right now my problem is that
>> there is NO WAY to roll this out to more users as a desktop alternative
>> without giving them some power user ability ( printers, date and time,
>
> This may help. As of Fedora Core 3, the "UGROUPS" patch is in usermode.
> From
> the userhelper man page:
>
> UGROUPS
> A comma-separated list of groups whose members will be authen-
> ticated as if USER were set to the special value <user>. If the
> invoking user is not a member of one of these groups, the name
> defined in USER will be used as normal. For example, setting
> UGROUPS to wheel and USER to root allows members of wheel (tra-
> ditionally used for administrative privileges) to authenticate
> with their own credentials and requires other users to provide
> the root password.
>
> So, for example, if /etc/security/console.apps/system-config-users looks
> like this:
>
> USER=root
> PROGRAM=/usr/share/system-config-users/system-config-users
> SESSION=true
> UGROUPS=wheel
>
> members of the wheel group will be able to authenticate with their own
> passwords, and others will need the root password.
>
> We've made this the default for all of the system-config-* apps here at
> BU
> for several years with good results; it might be nice to also make it the
> default in future versions of Fedora. (Although this is a pretty big
> default
> security policy change, it *is* basically the traditional meaning of the
> "wheel" group.)
>
>
>
>
> Caveat: I just noticed that the little "keys" gnome-panel icon doesn't
> work
> with this, and I'm trying to figure out what should be done about that.
>
--
Using Opera's revolutionary e-mail client: http://www.opera.com/m2/
More information about the Fedora-desktop-list
mailing list