Mikus Grinbergs wrote: > The 2008-1-12 OLPC News says "... so that we can finally disable the > root and olpc passwords". > > The way I have my G1G1 system set up (I have no wireless) I *need* > to ftp in. For that, I have set a password for olpc. It would be > ok with me to set up a different user+password for ftp, but would > *not* be ok for password support to be "disabled". > > Also, I don't believe in the "political correctness" of not using > root. I do need to install/remove/change things as root, and > *strongly* prefer not to use 'sudo' for that -- I log in as root, > and am willing to take the risk of committing a disastrous mistake. > Here, too, having a password seems "natural" to me. > > I agree with the aim of making the OLPC simple to use, but please > don't take passwords away entirely. > > mikus > > > p.s. I presume the existing 'passwd' command was taken from Fedora. > It is too paranoid, forbidding too_short passwords, > too_homogeneous passwords, too_similar passwords, etc., etc., etc. > Such rules may be needed for a datacenter - but for a schoolroom? > > > _______________________________________________ > Devel mailing list > Devel@lists.laptop.org > http://lists.laptop.org/listinfo/devel >
Typical Linux practice is the following: 1. One *never* allows remote shell login as "root" -- *ever* -- even behind a firewall. One allows only *one* user in the "wheel" group to log in to a shell account, and then *only* via "ssh". 2. When root access is needed, "sudo" is used, with the least permissive mode possible. 3. "ftp" is done using "sftp" and/or "scp". For Windows clients, there's PuTTY. Anything less than this level of security is a bad habit -- a *very* bad habit. Please don't encourage such habits, or ask the open source community to cater to them. _______________________________________________ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel