Local users get to play root?
Jeff Garzik
jgarzik at pobox.com
Wed Nov 18 21:27:14 UTC 2009
On 11/18/2009 12:45 PM, Bastien Nocera wrote:
> On Wed, 2009-11-18 at 18:08 +0100, nodata wrote:
>> Yikes! When was it decided that non-root users get to play root?
>>
>> Ref:
>> https://bugzilla.redhat.com/show_bug.cgi?id=534047
>>
>> This is horrible!
>
> Seems fair as the default for a desktop installation.
>
> Once we get the new user management stuff into F13 [1], we'd probably
> tighten that rule so that only admins are given the option, or all users
> but with the need to authenticate as an admin.
No, the sane security answer is to least privileges as-is (require root)
until your "new user management stuff" is ready.
Re-read your own post, and realize you proposed:
FC1+: secure
F12: insecure
F13+ secure again
This is a hugely inconsistent security policy, a special case that
administrators must un-learn and re-learn as they go through Fedora
versions.
Jeff
More information about the fedora-devel-list
mailing list