-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Folderol wrote: > On Wed, 14 Jan 2009 06:56:39 -0500 > Dave Phillips <[email protected]> wrote: > >> Gustin Johnson wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Andy Farnell wrote: >>> >>>> On Wed, 14 Jan 2009 12:21:34 +0200 (SAST) >>>> [email protected] wrote: >>>> >>>> >>>>>> Yes, I know you can get round it by setting a root password. If I wanted >>>>>> my distro to dictate my behaviour, I'd use a Mac. >>>>>> *froth* >>>>>> >>>>> It annoys me as well. The fact that I have to enter the password after >>>>> >>>> It's a very poor (prescriptive and arrogant) design decision. People >>>> using a distro like 64Studio are likely able to make an informed >>>> choice. Creating a root account should be an install option, and it >>>> should be _enabled_ by default. >>>> >>>> >>> The root account has been created. All that is missing is a password. >>> I still don't see the arrogance of this. Using sudo is a good habit to >>> get into, what exactly is the problem with encouraging new users to >>> develop good habits? >> I'm with Gustin on this one. At first I didn't like Ubuntu's insistence >> on sudo, but it doesn't matter to me now. The only times I need su >> privileges are when I'm performing administative tasks, mostly >> installing stuff from repos or my own builds. Everything is still >> copacetic here. :) >> >> Best, >> >> dp > > I don't like sudo at all. In the first place I regard it as a > weakening of security, in that to get admin privilege you only need > your login password, rather than a completely separate one. > > Also, when doing admin work it is rare that I want to use a single > command. I normally want to perform a block of operations in a terminal > window then close it when I've finished. At the same time I don't want > a sudo shell. I want it to be a conscious decision on my part that > 'here be dragons'.
As a sysadmin I like the granularity that sudo provides. I can limit what certain users have access to. The DBA can only restart mysql and postgres, the mail admins can only restart ldap, exim, and cyrus. This way none of them gets the root password, I do not have to deal with SUID scripts, and I get logging to boot. > > Unless there is a simple way to set up an access a proper root account, > I guess I'll be sticking with 2.1 then :( > sudo passwd You could also configure PAM to allow logins for accounts without passwords, but that is just insane IMO. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkluQ/MACgkQwRXgH3rKGfMxnACgrg58rUc6AYu906gKowhwPe42 bJMAoIVjjkXTO2qKbfcdAuwLlpnezU9S =dtO8 -----END PGP SIGNATURE----- _______________________________________________ 64studio-users mailing list [email protected] http://lists.64studio.com/mailman/listinfo/64studio-users
