More in response to the riled-up masses than to Michael's reasonable post, I want to point out the debate is about a default setting in PolicyKit, not something specific to Fedora.
On Thu, Nov 19, 2009 at 10:16:53AM -0700, Michael Torrie wrote: > > Normal users? Just how many ubuntu and fedora users even have "admins?" > This idea that there are users and admins is fine in an enterprise, or > possibly in a household with teenage kids. But 99% of all ubuntu and > fedora installs are single-user home systems. The idea of a admin is > laughable. I never realized how elitist we can be sometimes until I > read the furor on slashdot over non-root package installs on Fedora 12. Since 71.3% of all statistics are made up on the spot, I'm not sure I trust your 99% number. Here are a few things that you might not have considered in your estimate: 1) Any desktop or laptop I set up is a multi-user system, with accounts for various family members and friends (do you really want it to be brain-dead easy for your kids to install the "p0rn-comfort" package?). 2) Does your 99% number take into account computer labs? For example, there are some 100 Fedora machines in the CS department open labs; for 99% to be home users, there would have be 9,900 single-user installs to offset these 100 machines. To offset the 30 machines in our single research lab, there would have to be 2,970 single-user machines out there. 3) If I install a machine for a computer-illiterate family member or friend, they consider me the admin. In most cases, I've made sure that they have the root password, but this isn't always desirable. > Furthermore, the policykit setting in F12 to allow non-root installs > will only grant them to a user on the console. If you've got console > access, you have root, so it's not the security issue that everyone on > slashdot tried to make it out to be. I say this frequently, but it isn't always true. For example, the CS department has lab monitors, BIOS/GRUB passwords, and cameras for the express purpose of giving people console access without letting them have unlimited control. Anyway, I think the fundamental issue going on here is that Linux has recently been including new systems like udev, dbus, PolicyKit, NetworkManager, etc. These systems are frequently changing and are often being deprecated before admins have a chance to really get comfortable with them (e.g., devfs and consolekit). Documentation is lacking, administration tools are missing, and config file formats are inconvenient. Consider PolicyKit which used to have an XML config file, and GDM which can now only be configured through gconf. Gconf makes you pick between two poisons (a nasty tool (gconftool-2) or XML config files). Don't even get me started on configuring Firefox. Administratability, if that's a word, has definitely declined over the last five years. I think it's more growing pains than a permanent loss, but there is definitely a ton of work to be done. In my opinion, the PolicyKit debate isn't just about the mildy insecure defaults; it's also about how administrators feel like they don't even know what's on their systems anymore. -- Andrew McNabb http://www.mcnabbs.org/andrew/ PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868 -------------------- BYU Unix Users Group http://uug.byu.edu/ The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. ___________________________________________________________________ List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
