edit root alias when installing the OS

n0dalus n0dalus+redhat at gmail.com
Sun Jan 8 07:32:03 UTC 2006 

On 1/8/06, Michael A. Peters <mpeters at mac.com> wrote:
> On Sun, 2006-01-08 at 13:21 +1030, n0dalus wrote:
>
> >
> > I think the current system is fine as it is -- I don't see why some
> > people are so keen on removing the root password.
>
> If I were modifying Fedora for desktop users (and I don't think this is
> a safe general default - but if say I was Dell or someone selling Linux
> for the Desktop based on Fedora) - I would make the following change -
>
> I would make an option to add the firstboot user to the wheel group.
> The gui sysconfig-* tools (with perhaps a few exceptions) - if the tool
> is requested by the pam_console user AND the user is a member of the
> wheel group, that would be sufficient authentication to run the tool
> without root password.
>
> I would not do it for the user administration tool, however - I would
> still require root password to manage system users. But sound card
> detection, network device configuration, Printing, etc. - that's how I
> would do it. It doesn't require use of sudo, or use of the command line
> at all.
>

Perhaps a better option, while it might require a lot of development,
is to let users do more things without touching the actual system (or
it could be handled by a daemon). Things like Printing, network device
configuration, sound cards, system language settings etc might all be
changeable on a per-user basis (with some restrictions) without you
having to run anything with higher-privileges. For example, using
system-config-language would change the Language for the current user
only -- other users are not affected by the change. My non-English
speaking friends could easily have an account on my computer and set
their own language with a graphical tool, without me changing the
language for the entire system (this is probably possible already, but
I don't know how.) There could be a tickbox to set the default
language for all users, and it would ask you for the root password
before proceeding.

Moving more settings and even some drivers into non-root userspace
allows for better management without needing to have users enter the
root password. I know this would all involve a lot of work and might
introduce problems, but I think parts of Linux are heading this way
already.

n0dalus.

More information about the fedora-devel-list mailing list