An ordinary user's perspective of Linux (was Re: Make consolehelper more liske sudo?)
Kyrre Ness Sjobak
kyrre at solution-forge.net
Sat Mar 5 14:54:28 UTC 2005
lør, 05.03.2005 kl. 14.52 skrev Parameshwara Bhat:
> Dear List,
>
> I am a curious member of this list and an ordinary user of Linux ; so
> excuse me for breaking into a learned debate.I want to give a perspective
> of my end,following the threads between Havoc, Matthew and David.
>
> I use Fedora at home and office. Nowhere I can have the support of learned
> linux experts at my beck and call; Also, I have installed the OS and
> created root and other users. All passwords are available with me.Working
> as a user,by the number of times I have to invoke 'root',I wonder why I
> should not be working as root itself ?.
>
Because of security - a flaw in a "user" app could then affect the whole
machine.
What situations do you have to invoke root?
> By the discussions I have seen here and elsewhere, it appears most linux
> experts and creators are basically contemptous of such a user as me. I am
> sane, responsible and intelligent, but just not a linux expert. I have my
> job and I want computer to be an unhindering aid and a provider of
> entertainment.Why should I be required to know the intricacies of the OS ?
> When the CD is locked and unmountable, unejectable; profound sermons on
> the security aspects of linux hardly makes sense.
>
That is a bug - an annoying one as well. gnome-vfs mount should *really*
give some hint about what locks the removable media
> While completely respecting the concerns of security and stability;
> borderlines of zones and the security matrix can always be redefined and
> redesigned if you know exactly what you want to give the end user.OS and
> programs like shirts and pants need to be tailored to users.
>
> I am a devoted user of Linux and Fedora. But what a stupid it makes of me!
> Without the root password I just cannot imagine keeping this box running
> and making any use of it.In a regulated office environment(unlike
> mine)where I wouldn't be having the root password, I do not think I will
> be able to use it with any amount of ease.In contrast, much maligned
> Windows pampers me!So nice and considerate of my needs with all it's flaws
> and weaknesses.Without the root password and a great deal of 'googli'ng
> and 'maillist'ng, I couldnot have sustained Linux on this box.
> Again,compare this with Windows.
>
As an administrator of a small network of Linux(fedora) machines, the
users very seldom ask me to help them with something involving root.
They use the machines for internet, text processing etc., image editing,
some do programming, printing stuff, video/sound etc. I have all the
workstations identically configured (stock fc3 with some extra apps) -
and nobody ever complains. But i do sometimes get the nice "thanks for
running that Linux net! those machines are so much less trouble to use,
and everything is so much more logically laid out than in windows!"
comments.
Administration is done through the net using a small self-written
utility called "admin-script". Basically i make sure the users have what
they need, and the users are happy. When the users are happy, i am
happy. So the situation of having a knowing administrator that just
takes care of "stuff" and the situation where every users have to be
their own admin, are vastly different. In the first situation
Linux/fedora is doing really great - using a Linux machine is a
no-brainer, administrating one takes some knowledge and isn't (yet) as
intuitive as Windows administration (but having experienced both OS's,
and having the needed knowledge, ill take Linux over Windows any day).
But i do agree that more intuitive (grapical poin't click + wizards to
do "inital setup") configuration tools are needed for Linux to do get
really wide market acceptance. SuSE has Yast - which do provide such
functions in an intuitive way. Redhat/Fedora has system-config-*, which
also gives a mostly intuitive way to configure "stuff" - but it doesn't
cover a wide enough area. Some system-config tools are great (such as
the network one), some are no so great (such as the apache one -
covering only a few of apaches functions), and some are still
non-existant (such as the yum one).
> When will Linux and Fedora learn to respect me and users like me or will
> it at all? Answer to that will be the key to whether it can really compete
> with MS
>
I think it does respect you kind of users as well - there are a hugely
growing number of them. Keep in mind that Linux has traditionally been
used by people with great knowledge of computers, and not by
"consumers". Much is therefore yet tuned for that user group, and it is
a hard task to cater regular consumers as well as the first group. But
things are improving at a fast pace!
> Parameshwara Bhat
>
> On Fri, 4 Mar 2005 12:00:18 -0500 (EST),
> <fedora-desktop-list-request at redhat.com> wrote:
>
> > Send Fedora-desktop-list mailing list submissions to
> > fedora-desktop-list at redhat.com
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> > http://www.redhat.com/mailman/listinfo/fedora-desktop-list
> > or, via email, send a message with subject or body 'help' to
> > fedora-desktop-list-request at redhat.com
> >
> > You can reach the person managing the list at
> > fedora-desktop-list-owner at redhat.com
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of Fedora-desktop-list digest..."
> >
> >
> > Today's Topics:
> >
> > 1. Re: Make consolehelper more liske sudo? (Havoc Pennington)
> > 2. Re: Make consolehelper more liske sudo? (Matthew Miller)
> > 3. Re: Make consolehelper more liske sudo? (Matthew Miller)
> > 4. Re: Make consolehelper more liske sudo? (David Zeuthen)
> > 5. Re: Make consolehelper more liske sudo? (Matthew Miller)
> > 6. Re: Make consolehelper more liske sudo? (Havoc Pennington)
> > 7. Re: Make consolehelper more liske sudo? (Havoc Pennington)
> > 8. Re: Make consolehelper more liske sudo? (Eric Warnke)
> > 9. Re: Make consolehelper more liske sudo? (Matthew Miller)
> > 10. Re: Make consolehelper more liske sudo? (David Zeuthen)
> > 11. Re: Make consolehelper more liske sudo? (Matthew Miller)
> > 12. Re: Make consolehelper more liske sudo? (Havoc Pennington)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Thu, 03 Mar 2005 14:34:51 -0500
> > From: Havoc Pennington <hp at redhat.com>
> > Subject: Re: Make consolehelper more liske sudo?
> > To: Discussions about development for the Fedora desktop
> > <fedora-desktop-list at redhat.com>
> > Message-ID: <1109878491.21167.15.camel at localhost.localdomain>
> > Content-Type: text/plain
> >
> > On Wed, 2005-03-02 at 10:08 -0500, Eric Warnke wrote:
> >> Hello all,
> >>
> >> I have unsucessfully been attempting to find out through both
> >> documentation, testing, and internet sources if I can get consolehelper
> >> to act more like sudo rather than su. Right now my problem is that
> >> there is NO WAY to roll this out to more users as a desktop alternative
> >> without giving them some power user ability ( printers, date and time,
> >> removable storage managment, ... ). Right now in order to give them
> >> access to these applications AFAICT I must either give the users the
> >> root password ( not gonna happen ) or create a pam.d file so that there
> >> is no password prompt ( pam_wheel with trust option ). Neither of these
> >> is a truly acceptable option at this point.
> >>
> >> Any change should try to keep the system as close to baseline as
> >> possible, I would prefer not to rip out the consolehelper system, but I
> >> will if I have to. The featureset I want is identical to sudo, but I
> >> will make accomidations as long as I can allow users to run a specific
> >> command after prompting for the users password.
> >
> > You can probably just set things up with sudo... I'm not sure how
> > involved that is.
> >
> > I do think consolehelper knows how to require user password instead of
> > root password though. You may have more luck finding help with this on
> > fedora-list or IRC than on this list. I'm not sure of the syntax myself
> > but I'm pretty sure you want to edit the /etc/pam.d files.
> >
> > All this "end user desktop" stuff that requires root I consider a bug
> > btw, if you want to file a bugzilla for the individual items that would
> > be helpful. If you get NOTABUG/WONTFIX from someone at Red Hat let me
> > know and I'll tell them they are wrong.
> >
> > Havoc
> >
> >
> >
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Thu, 3 Mar 2005 14:56:20 -0500
> > From: Matthew Miller <mattdm at mattdm.org>
> > Subject: Re: Make consolehelper more liske sudo?
> > To: Discussions about development for the Fedora desktop
> > <fedora-desktop-list at redhat.com>
> > Message-ID: <20050303195620.GA15219 at jadzia.bu.edu>
> > Content-Type: text/plain; charset=us-ascii
> >
> > On Wed, Mar 02, 2005 at 10:08:07AM -0500, Eric Warnke wrote:
> >> I have unsucessfully been attempting to find out through both
> >> documentation, testing, and internet sources if I can get consolehelper
> >> to act more like sudo rather than su. Right now my problem is that
> >> there is NO WAY to roll this out to more users as a desktop alternative
> >> without giving them some power user ability ( printers, date and time,
> >
> > This may help. As of Fedora Core 3, the "UGROUPS" patch is in usermode.
> > From
> > the userhelper man page:
> >
> > UGROUPS
> > A comma-separated list of groups whose members will be authen-
> > ticated as if USER were set to the special value <user>. If the
> > invoking user is not a member of one of these groups, the name
> > defined in USER will be used as normal. For example, setting
> > UGROUPS to wheel and USER to root allows members of wheel (tra-
> > ditionally used for administrative privileges) to authenticate
> > with their own credentials and requires other users to provide
> > the root password.
> >
> > So, for example, if /etc/security/console.apps/system-config-users looks
> > like this:
> >
> > USER=root
> > PROGRAM=/usr/share/system-config-users/system-config-users
> > SESSION=true
> > UGROUPS=wheel
> >
> > members of the wheel group will be able to authenticate with their own
> > passwords, and others will need the root password.
> >
> > We've made this the default for all of the system-config-* apps here at
> > BU
> > for several years with good results; it might be nice to also make it the
> > default in future versions of Fedora. (Although this is a pretty big
> > default
> > security policy change, it *is* basically the traditional meaning of the
> > "wheel" group.)
> >
> >
> >
> >
> > Caveat: I just noticed that the little "keys" gnome-panel icon doesn't
> > work
> > with this, and I'm trying to figure out what should be done about that.
> >
>
>
>
> --
> Using Opera's revolutionary e-mail client: http://www.opera.com/m2/
More information about the Fedora-desktop-list
mailing list