Re: [OLPC devel] su/sudo or not to sudo/su (was PATCH: add --loginpause to mingetty)
ffm wrote: On Jan 10, 2008 11:37 PM, Iain (OLPC) Davidson [EMAIL PROTECTED] wrote: I typically like the solution of $ sudo bash Just a comment on that: Since most of our users will not know much about computers, having them exit will just add another step which they will forget to do, and the one time they are logged in as root will be the one time they rm -rf / sudo in front of every as-root command is not too hard, right? Especialy once we get paste working. -ffm Another part to make the sudo command enjoyable is auto completion. When invoking a sudo command you can not auto-complete for example: sudo sugar-cont[tab] does not auto-complete. The bash-completion (141K) package solves this, which I tried on my F8 machine. Maybe worth an inclusion since the completion works as well for other cases like: yum in[tab] (even so in the case of 'yum install b[tab]' it takes a while to list the packages). Best, Simon ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [OLPC devel] su/sudo or not to sudo/su (was PATCH: add --loginpause to mingetty)
Simon Schampijer wrote: does not auto-complete. The bash-completion (141K) package solves this, which I tried on my F8 machine. Maybe worth an inclusion since the completion works as well for other cases like: yum in[tab] (even so in the case of 'yum install b[tab]' it takes a while to list the packages). I love bash-completion and I use it everywhere, but I'd not support adding it to the base OS for the same reason we do not install vim-enhanced, links, lftp and all the other nice console tools. The default console environment should be just good enough to perform system recovery, and special administrative tasks which have no UI yet. Our OS images have grown over 300MB! I think we could get them back to 200MB or so just by dropping useless dependencies and splitting a few packages. -- \___/ |___| Bernardo Innocenti - http://www.codewiz.org/ \___\ One Laptop Per Child - http://www.laptop.org/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
[OLPC devel] su/sudo or not to sudo/su (was PATCH: add --loginpause to mingetty)
Bernardo, FYI, I just recently updated from build 650 (G1G1 factory build) to Update.1675. Noticed a different behavior for accessing *root account* and functions. I used to be able to open Terminal (or Ctrl-Alt-Neighborhood) and the following at the unix/bash prompt. $ su - or $ su -l But now, after the update, those don't seem to work. But I did discover the alternative method.. $ sudo command I typically like the solution of $ sudo bash for several root level commands. QUESTION: Which direction is OLPC/XO Laptop headed for doing updates and installation of software ? One could also, limit the programs which can be run under 'sudo', as another solution. Issue is definitely complex and no easy solution apparent ! -Iain On Jan 9, 2008 4:20 PM, Bernardo Innocenti [EMAIL PROTECTED] wrote: Hello Florian, the attached patches add an option to pause login until the user hits a key. We need something like it on OLPC because: - we don't want to set an empty password for either user root or olpc - at the same time, we want to allow users to login as root at the console - finally, we do not wish to waste memory on shells the user hasn't yet used The security model we are implementing is very different from UNIX: we ultimately trust the user at the console, but we don't trust applications and we don't want them to gain root privileges using su or sudo with no password. I'm committing these changes to the OLPC-2 branch of mingetty in Fedora CVS. Please, let me know you'd like to merge them or something similar. -- \___/ |___| Bernardo Innocenti - http://www.codewiz.org/ \___\ One Laptop Per Child - http://www.laptop.org/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [OLPC devel] su/sudo or not to sudo/su (was PATCH: add --loginpause to mingetty)
On Jan 10, 2008 11:37 PM, Iain (OLPC) Davidson [EMAIL PROTECTED] wrote: I typically like the solution of $ sudo bash Just a comment on that: Since most of our users will not know much about computers, having them exit will just add another step which they will forget to do, and the one time they are logged in as root will be the one time they rm -rf / sudo in front of every as-root command is not too hard, right? Especialy once we get paste working. -ffm ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel