On Sun, Aug 18, 2013 at 7:32 PM, Brian <a...@cityscape.co.uk> wrote:
> On Sun 18 Aug 2013 at 06:51:04 +0900, Joel Rees wrote:
>
>> On Sun, Aug 18, 2013 at 4:03 AM, Brian <a...@cityscape.co.uk> wrote:
>> > On Sun 18 Aug 2013 at 03:12:39 +0900, Joel Rees wrote:
>> >
>> >> But debian's installer tries to encourage the user to not enable root,
>> >
>> > No, it doesn't.
>>
>> Perhaps you would rather I said something like, it gives the option to
>> establish an initial account and tells the person performing the
>> install
>>
>> if root login is enabled,
>> the initial account will not be an admin account,
>> but if root login is disabled,
>> the initial account will be a member of the sudo group
>> and thus an admin account,
>> and, by the way, you might prefer to not enable root login.
>>
>> Is that closer to what the installer does in your opinion?
>
> Yes, closer but the installer doesn't adopt a stance on sudo versus
> root login. The wordings presented to the user are:
>
> If you choose not to allow root to log in, then a user account will be
> created and given the power to become root using the 'sudo' command.

Hmm. I think I was reading my prejudices into that.

> and
>
> You need to set a password for 'root', the system administrative
> account. A malicious or unqualified user with root access can have
> disastrous results, so you should take care to choose a root password
> that is not easy to guess. It should not be a word found in dictionaries,
> or a word that could be easily associated with you.
> .
> A good password will contain a mixture of letters, numbers and punctuation
> and should be changed at regular intervals.
> .
> The root user should not have an empty password.

Ah, I think I was misreading this part, again, according to my prejudices.

> If you leave this
> empty, the root account will be disabled and the system's initial user
> account will be given the power to become root using the "sudo"
> command.

Maybe I need to file a feature request (for my own satisfaction, even if it gets rejected).

What I lean towards is providing the installing user

(1) the opportunity to set the root password,
(2) the opportunity to set a separate admin account and password (member of sudo group on debian), and
(3) the opportunity to set a separate non-admin work account and password.

(To go into more detail, I'd go so far as to present a few l33t5pe@k-ed randomized-with-entropy example passphrases at each step, though not actually putting anything into the password entry field. I'm a bit aggressive about pushing good passwords. Of course, that requires a largish spelling dictionary in the installer, to pull the random passphrases from. :-/)

Anyway, I can see I've been reading the installer in the context of my opinions about the ideal minimum number of accounts.

--
Joel Rees