user created at install added in sudoers ?
snecklifter at gmail.com
Wed Jun 20 08:53:21 UTC 2007
On 20/06/07, n0dalus <n0dalus+redhat at gmail.com> wrote:
> On 6/20/07, Chris Brown <snecklifter at gmail.com> wrote:
> > [...] In my opinion (and many
> > others) this is A Good Thing(tm) and would be of benefit to the majority
> > people. It would also result in a more secure Fedora which I think we
> > all agree is a good thing. So lets get it debated (FESCo?) and hear some
> > arguments against because so far yours appears to be the only one and it
> > sucks.
> In what way would it benefit a majority of users?
Please go back and read the thread for the arguments for doing this.
I could be wrong,
> but I suspect the majority of Fedora installations only have one
> administrator, in which case, sudo actually ends up making things
> _less_ secure (it provides another account by which root access can be
> cracked). The majority of Fedora setups, including many ones with just
> two or three administrators, would never have a need for revokable
> root access (which is the only real advantage sudo gives).
No, its not. It means newbies understand the concept of root better (and
don't run everything as root) and, as I have already said, I consider it
more secure as it allows me to temporarily escalate privs to run a program
requiring root in the knowledge that I can forget about having to exit the
root shell afterwards. Which is nice.
I personally don't think it's an option that needs to be in the
> installer, since in the majority of cases it is not even helpful. In
> the other few cases, the person running the installation/firstboot
> will setup (and hence know) the root password themselves, so there is
> no need for a checkbox to add themselves to sudoers.
Except for the reasons I have given above.
Sudo is only really useful in multi-administrator environments, where
> root access needs to be revokable.
Again, I don't agree.
For this case, it should be
> presented as an option in system-config-users so second and subsequent
> administrators can be set up,
That idea I _do_ like.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the fedora-devel-list