Lennart Poettering wrote:
[...]
> Gah. Allowing packages to pierce the firewall just makes the firewall
> redundant.
Not entirely.
> I still think that the current firewall situation on Fedora is pretty
> much broken. It's a bit like SELinux: it's one of the first features
> most people disabl
On Thu, 18 Jun 2009, Martin Langhoff wrote:
On Sun, Jun 14, 2009 at 8:08 PM, Lennart Poettering wrote:
Gah. Allowing packages to pierce the firewall just makes the firewall
redundant.
True
A firewall is an extra layer of security that
simply hides the actual problem.
Um!? Layered securi
On Sun, Jun 14, 2009 at 8:08 PM, Lennart Poettering wrote:
> Gah. Allowing packages to pierce the firewall just makes the firewall
> redundant.
True
> A firewall is an extra layer of security that
> simply hides the actual problem.
Um!? Layered security is a _good thing_. *All* the network daemo
On Mon, 15 Jun 2009 18:35:00 -0300
Martín Marqués wrote:
> 2009/6/15 Casey Dahlin :
> >
> > Maybe we should just make the command line more friendly so users
> > don't mind reaching for it. I vote we add clippy.
>
> You're joking, right?
>
It's *clippy* - of course it's a joke. :-)
I'm sure t
On 06/16/2009 07:57 PM, Adam Williamson wrote:
On Mon, 2009-06-15 at 12:22 -0800, Jeff Spaleta wrote:
On Mon, Jun 15, 2009 at 11:42 AM, Casey Dahlin wrote:
The ability for nautilus to prompt for credentials when the user tries to do
something outside his permission level has been mi
On Tue, 2009-06-16 at 16:17 -0800, Jeff Spaleta wrote:
> Its the next circle, the less frequent administrative chore tasks,
> that I'm not sure its well defined in terms of which applications need
> PolKit support added in. Maybe Nautilus is that circle, maybe its not.
> Maybe its not time to star
On Tue, Jun 16, 2009 at 3:57 PM, Adam Williamson wrote:
> Ve haf zer technology, already. :) it's just a case of adding code to
> more apps to take advantage of the awesomeness of PolicyKit, and I
> believe this is scheduled to happen.
I grok PolicyKit. I'll recast my statement. Has anyone draw a
On Mon, 2009-06-15 at 12:22 -0800, Jeff Spaleta wrote:
> On Mon, Jun 15, 2009 at 11:42 AM, Casey Dahlin wrote:
> > The ability for nautilus to prompt for credentials when the user tries to
> > do something outside his permission level has been missing for far too
> > long. Its annoying to impleme
On Tue, 2009-06-16 at 16:39 -0700, Adam Williamson wrote:
> On Sun, 2009-06-14 at 19:36 +0100, Matthew Garrett wrote:
>
> > > there is an interesting issue;
> > > if you poke a hole in your firewall for all the ports that are listening
> > > automatically. you might as well not have a firewall
On Sun, 2009-06-14 at 19:36 +0100, Matthew Garrett wrote:
> > there is an interesting issue;
> > if you poke a hole in your firewall for all the ports that are listening
> > automatically. you might as well not have a firewall in the first
> > place...
>
> Well, not exactly. For instance, mak
Charles Butterfield wrote:
> * My "supported" NVIDIA card (Quadro NVS 295)
Supported by what? Who said it's supported? If it's NVidia, that's
irrelevant, as their driver is proprietary and NOT supported or included in
Fedora.
Kevin Kofler
--
fedora-devel-list mailing list
fedora-dev
Lennart Poettering wrote:
On Mon, 15.06.09 12:41, Thomas Woerner (twoer...@redhat.com) wrote:
So, what should happen here? Should we leave the firewall enabled in
these cases* by default and require admins to open them? If so, is
there any way that we can make this easier in some
Packagekit-
Le Lun 15 juin 2009 20:47, Casey Dahlin a écrit :
>
> On 06/14/2009 02:08 PM, Lennart Poettering wrote:
>> Gah. Allowing packages to pierce the firewall just makes the
>> firewall
>> redundant.
>>
>
> Not true. Allowing any listening program to poke a hole in the
> firewall would make it redundan
On Mon, Jun 15, 2009 at 12:33 PM, Casey Dahlin wrote:
> Maybe we should just make the command line more friendly so users don't mind
> reaching for it. I vote we add clippy.
I'm not saying that necessarily needs to be friendlier to use but it
may need to be more discoverable as to when it is exp
On Mon, Jun 15, 2009 at 10:33 PM, Casey Dahlin wrote:
>
> Maybe we should just make the command line more friendly so users don't mind
> reaching for it. I vote we add clippy.
yum install hotwire ;)
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/li
On Mon, Jun 15, 2009 at 2:34 AM, Lennart Poettering wrote:
> On Sun, 14.06.09 16:11, Jeff Spaleta (jspal...@gmail.com) wrote:
>
>>
>> On Sun, Jun 14, 2009 at 3:36 PM, Lennart Poettering
>> wrote:
>> > Are you speaking of the same smolt that lists es1371 as most popular
>> > sound card? i.e. a soun
2009/6/15 Casey Dahlin :
>
> Maybe we should just make the command line more friendly so users don't mind
> reaching for it. I vote we add clippy.
You're joking, right?
--
Martín Marqués
select 'martin.marques' || '@' || 'gmail.com'
DBA, Programador, Administrador
--
fedora-devel-list mailing
On 06/15/2009 04:22 PM, Jeff Spaleta wrote:
> On Mon, Jun 15, 2009 at 11:42 AM, Casey Dahlin wrote:
>> The ability for nautilus to prompt for credentials when the user tries to do
>> something outside his permission level has been missing for far too long.
>> Its annoying to implement, but I'll o
On Mon, Jun 15, 2009 at 11:42 AM, Casey Dahlin wrote:
> The ability for nautilus to prompt for credentials when the user tries to do
> something outside his permission level has been missing for far too long. Its
> annoying to implement, but I'll owe a beer to whoever finally does it.
I just th
Matthew Woehlke wrote:
Configuration is fine, just as long as there /is/ configuration and not
running a service always exposes it to the world with no way to prevent
that. (Prevention by editing init-scripts doesn't count ;-).)
That's terrible. Unfortunately, I noticed after hitting 'send' :-
On 06/14/2009 09:13 PM, Simo Sorce wrote:
> On Sun, 2009-06-14 at 14:23 -0800, Jeff Spaleta wrote:
>> On Sun, Jun 14, 2009 at 6:45 AM, Simo Sorce wrote:
>>> I haven't done a graphical root login in the past 10 years probably and
>>> on multiple distribution. Graphical root login is meaningless.
>>
(Can you please configure your mailer to either wrap lines and/or use
format-flowed?)
Casey Dahlin wrote:
On 06/15/2009 03:19 PM, Matthew Woehlke wrote:
Casey Dahlin wrote:
Really, init scripts should open the firewall ports they need when
their service comes up (and I'll propose something fo
On Mon, 15 Jun 2009, Lennart Poettering wrote:
> On Mon, 15.06.09 14:47, Dave Jones (da...@redhat.com) wrote:
>
> > > > > Are you speaking of the same smolt that lists es1371 as most popular
> > > > > sound card? i.e. a sound card that has been out of production since
> > > > > about 10 years n
On 06/15/2009 03:19 PM, Matthew Woehlke wrote:
> Casey Dahlin wrote:
>> Really, init scripts should open the firewall ports they need when
>> their service comes up (and I'll propose something for upstart 1.0
>> later today to make that make more sense.)
>
> How is that supposed to work when I onl
Casey Dahlin wrote:
Really, init scripts should open the firewall ports they need when
their service comes up (and I'll propose something for upstart 1.0
later today to make that make more sense.)
How is that supposed to work when I only want to allow connections to a
service on a whitelist of
On 06/15/2009 03:04 PM, Robert Marcano wrote:
> On Mon, Jun 15, 2009 at 2:17 PM, Casey Dahlin wrote:
>> The problem that does arise is: just because apache is installed doesn't
>> mean its running. Really, init scripts should open the firewall ports they
>> need when their service comes up (and I
On Mon, 15 Jun 2009, Seth Vidal wrote:
On Mon, 15 Jun 2009, Lennart Poettering wrote:
On Mon, 15.06.09 14:47, Dave Jones (da...@redhat.com) wrote:
As already mentioned, smolt never heard of HDA. Either I am blind or
there is no trace at all of HDA devices in this web UI.
Maybe I'm con
On Mon, 15 Jun 2009, Lennart Poettering wrote:
On Mon, 15.06.09 14:47, Dave Jones (da...@redhat.com) wrote:
As already mentioned, smolt never heard of HDA. Either I am blind or
there is no trace at all of HDA devices in this web UI.
Maybe I'm confused - hda is the driver - bu the devices
On Mon, Jun 15, 2009 at 2:17 PM, Casey Dahlin wrote:
> The problem that does arise is: just because apache is installed doesn't mean
> its running. Really, init scripts should open the firewall ports they need
> when their service comes up (and I'll propose something for upstart 1.0 later
> toda
On Mon, 15.06.09 14:47, Dave Jones (da...@redhat.com) wrote:
> > > > Are you speaking of the same smolt that lists es1371 as most popular
> > > > sound card? i.e. a sound card that has been out of production since
> > > > about 10 years now? Somehow I have serious doubts about the validity
> >
On 06/14/2009 02:08 PM, Lennart Poettering wrote:
> Gah. Allowing packages to pierce the firewall just makes the firewall
> redundant.
>
Not true. Allowing any listening program to poke a hole in the firewall would
make it redundant. Packages are different. They're signed, vetted things
corresp
On Sun, Jun 14, 2009 at 09:57:56PM -0500, Mike McGrath wrote:
> On Sun, 14 Jun 2009, Mike McGrath wrote:
>
> > On Mon, 15 Jun 2009, Lennart Poettering wrote:
> >
> > > On Mon, 15.06.09 09:15, James Morris (jmor...@namei.org) wrote:
> > >
> > > >
> > > > On Sun, 14 Jun 2009, Lennart Poetter
On Sunday 14 June 2009, Richard Fearn wrote:
> > We have the "wheel" group which would fit the bill.
>
> Yeah, I always uncomment the %wheel line in sudoers and then add
> myself to that group.
Ditto.
See also https://bugzilla.redhat.com/show_bug.cgi?id=462161
--
fedora-devel-list mailing list
Jeff Spaleta wrote:
>
> I wonder, Would there be a reliable way to separate out emulated
> hardware inside the smolt database reliably so we can get a better
> statistical survey of in-service physical hardware devices?
QEMU inserts its name into the CPU string does it not? It could be
sorted tha
On Mon, Jun 15, 2009 at 8:34 AM, Bill Nottingham wrote:
> Lennart Poettering (mzerq...@0pointer.de) said:
>> It's not just that ens1371 is shown as unrealistically popular,
>
> es1371 is what either QEMU or VMWare emulates.
I wonder, Would there be a reliable way to separate out emulated
hardware
Lennart Poettering (mzerq...@0pointer.de) said:
> It's not just that ens1371 is shown as unrealistically popular,
es1371 is what either QEMU or VMWare emulates.
Bill
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
On Sun, Jun 14, 2009 at 21:10:38 +0200,
Lennart Poettering wrote:
>
> Also, if an application listens on 0.0.0.0 but should actually be
> listening on 127.0.0.1 then this is a bug, which is simply taped over
> by running a firewall. This really needs to be fixed in the
> application.
>
> I mea
On Mon, 15.06.09 12:41, Thomas Woerner (twoer...@redhat.com) wrote:
>>> So, what should happen here? Should we leave the firewall enabled in
>>> these cases* by default and require admins to open them? If so, is
>>> there any way that we can make this easier in some
>>> Packagekit-oriented man
On Sun, 2009-06-14 at 10:35 +0200, Martin Sourada wrote:
> On Sat, 2009-06-13 at 22:19 -0400, Charles Butterfield wrote:
> > * Samba (outbound) browsing requires firewall mods
> I don't know how Samba works, so forgive me if I say obvious stupidity,
> but shouldn't *client* work even behind
Matthew Garrett wrote:
On Sun, Jun 14, 2009 at 06:13:51PM +0200, Julian Aloofi wrote:
So, solving this is pretty easy, even for newbies. But I agree that the
error message will not help someone without advanced knowledge. Although
I think people running Samba generally will know where to look f
Lennart Poettering wrote:
On Sun, 14.06.09 18:34, Matthew Garrett (m...@redhat.com) wrote:
So, solving this is pretty easy, even for newbies. But I agree that the
error message will not help someone without advanced knowledge. Although
I think people running Samba generally will know where to l
Charles Butterfield, Sat, 13 Jun 2009 22:19:17 -0400:
> Okay, so I mostly love Fedora. However, here are 4 things that got by
> blood really, really boiling, so I thought I'd share my emotions. They
> are mostly policy issues, where I think you have gotten it very very
> wrong.
DON'T FEED THE TR
On 15/06/09 01:34, Lennart Poettering wrote:
what will smolt claim next? that santa claus exists?
You mean he doesn't :(
Frank
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
On 15/06/09 01:24, Guido Grazioli wrote:
That said, I agree the wheel group should be enabled with sudo, though
I disagree that the initial install user should be automatically added
to it.
But then again, I hate sudo :P I do most scripting that requires root
access via root
On Sun, 14 Jun 2009, Mike McGrath wrote:
> On Mon, 15 Jun 2009, Lennart Poettering wrote:
>
> > On Mon, 15.06.09 09:15, James Morris (jmor...@namei.org) wrote:
> >
> > >
> > > On Sun, 14 Jun 2009, Lennart Poettering wrote:
> > >
> > > > much broken. It's a bit like SELinux: it's one of the first f
On Mon, 15 Jun 2009, Lennart Poettering wrote:
> On Mon, 15.06.09 09:15, James Morris (jmor...@namei.org) wrote:
>
> >
> > On Sun, 14 Jun 2009, Lennart Poettering wrote:
> >
> > > much broken. It's a bit like SELinux: it's one of the first features
> > > most people disable.
> >
> > False.
> >
> >
On Sun, 2009-06-14 at 14:23 -0800, Jeff Spaleta wrote:
> On Sun, Jun 14, 2009 at 6:45 AM, Simo Sorce wrote:
> > I haven't done a graphical root login in the past 10 years probably and
> > on multiple distribution. Graphical root login is meaningless.
>
>
> Let me ask you a question as an example
On Sun, 2009-06-14 at 15:11 -0400, Chuck Anderson wrote:
> On Sun, Jun 14, 2009 at 10:45:09AM -0400, Simo Sorce wrote:
> > > > * Samba (outbound) browsing requires firewall mods
> > > I don't know how Samba works, so forgive me if I say obvious stupidity,
> > > but shouldn't *client* work eve
On Sun, 14.06.09 16:11, Jeff Spaleta (jspal...@gmail.com) wrote:
>
> On Sun, Jun 14, 2009 at 3:36 PM, Lennart Poettering
> wrote:
> > Are you speaking of the same smolt that lists es1371 as most popular
> > sound card? i.e. a sound card that has been out of production since
> > about 10 years no
> That said, I agree the wheel group should be enabled with sudo, though
> I disagree that the initial install user should be automatically added
> to it.
>
> But then again, I hate sudo :P I do most scripting that requires root
> access via root logins directly with ssh and keys.
i completely ag
On Sun, Jun 14, 2009 at 3:36 PM, Lennart Poettering wrote:
> Are you speaking of the same smolt that lists es1371 as most popular
> sound card? i.e. a sound card that has been out of production since
> about 10 years now? Somehow I have serious doubts about the validity
> of the smolt data.
You mi
On Mon, 15 Jun 2009, Lennart Poettering wrote:
> Are you speaking of the same smolt that lists es1371 as most popular
> sound card? i.e. a sound card that has been out of production since
> about 10 years now? Somehow I have serious doubts about the validity
> of the smolt data.
I've previously a
On Mon, 15.06.09 09:15, James Morris (jmor...@namei.org) wrote:
>
> On Sun, 14 Jun 2009, Lennart Poettering wrote:
>
> > much broken. It's a bit like SELinux: it's one of the first features
> > most people disable.
>
> False.
>
> Most people leave SELinux enabled, according to the smolt stats
On Sun, 14 Jun 2009, Lennart Poettering wrote:
> much broken. It's a bit like SELinux: it's one of the first features
> most people disable.
False.
Most people leave SELinux enabled, according to the smolt stats which have
been collecting since the F8 era.
> Fedora is the only big distro that
On Sun, Jun 14, 2009 at 6:45 AM, Simo Sorce wrote:
> I haven't done a graphical root login in the past 10 years probably and
> on multiple distribution. Graphical root login is meaningless.
Let me ask you a question as an example to better define the
expectation on behavior that people have on wh
Leszek Matok writes:
>> a false feeling that the "non-privileged" account doesn't need the same
>> level of protection as the root account needs.
> The feeling isn't false - overtaking a root-run program is potentially more
> harmful to the system, other users and everyone in sight (root can har
Richard Fearn writes:
>> Who says the first created user is root-equivalent?
>
> It wouldn't be root-equivalent. You have to explicitly use sudo, and
> enter your password when you do use it. It's not the same as a root
> prompt.
It is from a security person POV.
If an attacker compromises your
Dnia 2009-06-14, o godz. 22:12:47
Krzysztof Halasa napisał(a):
> a false feeling that the "non-privileged" account doesn't need the same
> level of protection as the root account needs.
The feeling isn't false - overtaking a root-run program is potentially more
harmful to the system, other users
> Who says the first created user is root-equivalent?
It wouldn't be root-equivalent. You have to explicitly use sudo, and
enter your password when you do use it. It's not the same as a root
prompt.
In any case, I like Mathieu Bridon's idea of having a firstboot option.
Rich
--
fedora-devel-li
On Sun, Jun 14, 2009 at 05:45:43PM +1000, Michael Fleming wrote:
> Ich bin ein secure user and you should be too. Logging in as root into
> X directly (or the console for that matter) is a *bad idea*.
Erm, logging as root on the console is a bad idea? _You've_ obviously
not got any machines runni
> I didn't say the wheel group was a nonsense or a problem. I was
> responding to Richard who wanted the line to be uncommented (harmless
> per se) AND the first user to be added to the wheel group by default.
I've since changed my mind :-)
> For example, a « add to the wheel group » checkbox in
inode0 writes:
> Actually, I am strongly against the way Fedora forces the creation of
> the first user without allowing the admin to set the uid/gid of the
> user. That is a different annoying issue.
Hmm... Does it?
I installed F11 (i386, with netinstall) recently and it didn't create
"normal"
Richard Fearn writes:
> But wouldn't it be nice if this line was uncommented by default, and
> firstboot added the first user to this group automatically?
Who says the first created user is root-equivalent?
--
Krzysztof Halasa
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
htt
Michael Fleming writes:
> With the likes of sudo / ConsoleKit / console-helper et. al you should
> never, ever need to run an extended session as root. Your day-to-day
> work can be done perfectly well as a standard non-privileged user, the
> applications that *need* root, especially in X, are ho
Le dimanche 14 juin 2009 à 20:08 +0200, Lennart Poettering a écrit :
> I still think that the current firewall situation on Fedora is pretty
> much broken. It's a bit like SELinux: it's one of the first features
> most people disable.
For the people I know disabling the firewall is very low under
2009/6/14 Richard Fearn :
>> # grep -n wheel /etc/sudoers
>> 81:## Allows people in group wheel to run all commands
>> 82:# %wheel ALL=(ALL) ALL
>> 85:# %wheel ALL=(ALL) NOPASSWD: ALL
>>
>> All you have to do is uncomment one line ;)
>
> That's exactly what I do, followed by:
>
On 6/13/2009 10:19 PM, Charles Butterfield wrote:
> Okay, so I mostly love Fedora. However, here are 4 things that got by
> blood really, really boiling, so I thought I’d share my emotions. They
> are mostly policy issues, where I think you have gotten it very very wrong.
>
>
>
> Just install
On Sun, Jun 14, 2009 at 10:45:09AM -0400, Simo Sorce wrote:
> > > * Samba (outbound) browsing requires firewall mods
> > I don't know how Samba works, so forgive me if I say obvious stupidity,
> > but shouldn't *client* work even behind closed firewall (like with any
> > other services like s
On Sun, 14.06.09 14:01, Bruno Wolff III (br...@wolff.to) wrote:
>
> On Sun, Jun 14, 2009 at 20:08:31 +0200,
> Lennart Poettering wrote:
> >
> > enabled by default, like we currently do. If an application cannot be
> > trusted then it should not be allowed to listen on a port by default
> > in
On Sun, Jun 14, 2009 at 20:08:31 +0200,
Lennart Poettering wrote:
>
> enabled by default, like we currently do. If an application cannot be
> trusted then it should not be allowed to listen on a port by default
> in the first place. A firewall is an extra layer of security that
> simply hides t
On Sun, 14 Jun 2009 20:08:31 +0200
Lennart Poettering wrote:
> Gah. Allowing packages to pierce the firewall just makes the firewall
> redundant.
>
> I still think that the current firewall situation on Fedora is pretty
> much broken. It's a bit like SELinux: it's one of the first features
> mos
On Sun, Jun 14, 2009 at 10:52:49AM -0700, Arjan van de Ven wrote:
> On Sun, 14 Jun 2009 18:34:52 +0100
> >
> > I think this is actually a problem that needs solving. We have
> > several network services that are either installed by default or
> > might be expected to be part of a standard setup, b
On Sun, Jun 14, 2009 at 1:05 PM, Paul Wouters wrote:
> That said, I agree the wheel group should be enabled with sudo, though
> I disagree that the initial install user should be automatically added
> to it.
Should sudo be treated in this case any differently than su? I think
wheel should be eithe
On Sun, 14 Jun 2009 15:59:58 +0100
Richard Fearn wrote:
> > We have the "wheel" group which would fit the bill.
>
> Yeah, I always uncomment the %wheel line in sudoers and then add
> myself to that group.
>
> Hmmm, having looked at the Features guidelines I'm not sure if this
> warrants a featu
On Sun, 2009-06-14 at 10:52 -0700, Arjan van de Ven wrote:
> On Sun, 14 Jun 2009 18:34:52 +0100
> >
> > I think this is actually a problem that needs solving. We have
> > several network services that are either installed by default or
> > might be expected to be part of a standard setup, but whic
On Sun, 14.06.09 18:34, Matthew Garrett (m...@redhat.com) wrote:
> > So, solving this is pretty easy, even for newbies. But I agree that the
> > error message will not help someone without advanced knowledge. Although
> > I think people running Samba generally will know where to look for the
> > p
On Sun, 14 Jun 2009 19:49:01 +0200
drago01 wrote:
> If you need to login as root into X to "set up the system" you are
> doing something wrong.
yet you may need this to fix some earlier goof.
not allowing the root user to do what he wants/needs to do is
obnoxious in that sense; when you nee
On Sun, 14 Jun 2009, Lennart Poettering wrote:
The way it is done right now, you have a system that might give too
few permissions to some users. If that causes a problem, you'll notice
it, and you can correct it in a very simple way (uncomment one line
and add a user to a group).
However, if w
On Sun, 14 Jun 2009 18:34:52 +0100
>
> I think this is actually a problem that needs solving. We have
> several network services that are either installed by default or
> might be expected to be part of a standard setup, but which don't
> work because of the default firewall rules. The Anaconda pe
On Sun, Jun 14, 2009 at 7:41 PM, Petrus de
Calguarium wrote:
> Charles Butterfield wrote:
>
>>...
>
> Does it help if more people (dis)agree? I will add my voice.
>
> - I like a root login option, especially when first setting
> up the system, as it is helpful to do things as root. I
> consciously
Charles Butterfield wrote:
>...
Does it help if more people (dis)agree? I will add my voice.
- I like a root login option, especially when first setting
up the system, as it is helpful to do things as root. I
consciously choose to use root and realize that I MYSELF
could be exposing MY OWN co
On Sun, Jun 14, 2009 at 06:13:51PM +0200, Julian Aloofi wrote:
> So, solving this is pretty easy, even for newbies. But I agree that the
> error message will not help someone without advanced knowledge. Although
> I think people running Samba generally will know where to look for the
> problem.
I
On Sun, Jun 14, 2009 at 6:13 PM, Julian
Aloofi wrote:
> Am Sonntag, den 14.06.2009, 17:10 +0200 schrieb Mathieu Bridon
>
>> Samba (outbound) browsing requires firewall mods
>
> So, solving this is pretty easy, even for newbies. But I agree that the
> error message will not help someone without adva
>> The way it is done right now, you have a system that might give too
>> few permissions to some users. If that causes a problem, you'll notice
>> it, and you can correct it in a very simple way (uncomment one line
>> and add a user to a group).
>>
>> However, if we change the default, you have a
Am Sonntag, den 14.06.2009, 17:10 +0200 schrieb Mathieu Bridon
> The way it is done right now, you have a system that might give too
> few permissions to some users. If that causes a problem, you'll notice
> it, and you can correct it in a very simple way (uncomment one line
> and add a user to a
On Sun, 14.06.09 17:10, Mathieu Bridon (bochecha) (boche...@fedoraproject.org)
wrote:
> Look at it the other way.
>
> The way it is done right now, you have a system that might give too
> few permissions to some users. If that causes a problem, you'll notice
> it, and you can correct it in a ver
On Sun, Jun 14, 2009 at 05:10:14PM +0200, Mathieu Bridon (bochecha) wrote:
> However, if we change the default, you have a system that may be
> giving too much permissions to some users depending on your taste. And
> the worse part is that you (as an admin) might not even know it !
The semantics
On Sun, 2009-06-14 at 15:59 +0100, Richard Fearn wrote:
> > We have the "wheel" group which would fit the bill.
>
> Yeah, I always uncomment the %wheel line in sudoers and then add
> myself to that group.
>
> Hmmm, having looked at the Features guidelines I'm not sure if this
> warrants a feature
> The way it is done right now, you have a system that might give too
> few permissions to some users. If that causes a problem, you'll notice
> it, and you can correct it in a very simple way (uncomment one line
> and add a user to a group).
>
> However, if we change the default, you have a system
On 14/06/09 16:07, Orcan Ogetbil wrote:
However I agree with you that samba is always a pain to setup on new
systems. I do not hate it, but I wish this had been made easier.
Logging into X as root? I can't comment on this as I didn't ever feel
the need to do that. I didn't know it was prevented
>> We have the "wheel" group which would fit the bill.
>
> Yeah, I always uncomment the %wheel line in sudoers and then add
> myself to that group.
>
> Hmmm, having looked at the Features guidelines I'm not sure if this
> warrants a feature page or not. It would only involve a change to the
> defau
On Sat, Jun 13, 2009 at 10:19 PM, Charles Butterfield wrote:
> Okay, so I mostly love Fedora. However, here are 4 things that got by blood
> really, really boiling, so I thought I’d share my emotions. They are mostly
> policy issues, where I think you have gotten it very very wrong.
>
Do yoursel
> We have the "wheel" group which would fit the bill.
Yeah, I always uncomment the %wheel line in sudoers and then add
myself to that group.
Hmmm, having looked at the Features guidelines I'm not sure if this
warrants a feature page or not. It would only involve a change to the
default sudoers fi
On Sun, Jun 14, 2009 at 17:45:43 +1000,
Michael Fleming wrote:
>
> I've done reinstalls and upgrades and not seen a denial AVC - I believe
> if it runs during the installer it would be a permissive / targeted
> mode. I did have SELinux break an upgrade but that was many releases
> back, and a r
On Jun 14, 2009, at 5:31, Richard Fearn wrote:
Hi,
To be honest, I like the Ubuntu way of adding a sudoers entry for
the
first user that gets created.
Then suggest it as a feature for F12
That is actually a very good idea.
Ubuntu has an "admin" group, and users in that group can use
On Sun, 2009-06-14 at 10:35 +0200, Martin Sourada wrote:
> On Sat, 2009-06-13 at 22:19 -0400, Charles Butterfield wrote:
>
> > * Root gdm login - gets harder every release - SHAME ON YOU root
> > nazis!
> You can always init 3, login as root and startx if you *really need*
> graphica
> # grep -n wheel /etc/sudoers
> 81:## Allows people in group wheel to run all commands
> 82:# %wheel ALL=(ALL) ALL
> 85:# %wheel ALL=(ALL) NOPASSWD: ALL
>
> All you have to do is uncomment one line ;)
That's exactly what I do, followed by:
$ usermod -a -G wheel rich
But woul
> Ubuntu has an "admin" group, and users in that group can use sudo due
> to this line in sudoers:
>
> %admin ALL=(ALL) ALL
>
> I might suggest this as a feature unless anyone else wants to (or
> thinks I shouldn't) ?
# grep -n wheel /etc/sudoers
81:## Allows people in group wheel to run all comma
Hi,
>> To be honest, I like the Ubuntu way of adding a sudoers entry for the
>> first user that gets created.
>
> Then suggest it as a feature for F12
That is actually a very good idea.
Ubuntu has an "admin" group, and users in that group can use sudo due
to this line in sudoers:
%admin ALL=(AL
On 14/06/09 12:10, Manuel Wolfshant wrote:
To be honest, I like the Ubuntu way of adding a sudoers entry for the
first user that gets created.
Then suggest it as a feature for F12
Frank
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fed
1 - 100 of 104 matches
Mail list logo