On Mon, 2003-08-04 at 11:11, Ken Thompson wrote: > Logging in as root is really not the issue, being able to type the > name/password pair of any user of my choice is the issue. > As has been mentioned, with many users, which I don't have, the icon list is > too big to be comfortable. So, what I'm saying is simply this, leave the > text box for user name and password input there. Make it possible to type in > the name/password pair of CHOICE and be able to log in as what ever user you > choose. As it is now, the only login choice is the users shown with icons and > no way to type in a username/password pair . > If security is in question, then simply configure mdkkdm to not show any user > icons requiring the person logging in to know the username/password pair in > order to log in by default and then let the owner of the box make any changes > he/she wants.
In other words install kdm or gdm. ;) > > > So, if root login was possible by default with mdkkdm (you can easily do > > this, although root will then appear in the icon list), would you then > > not detest it? > > No, I still feel it's an issue of choice, not of being able to log in as root. > In fact, I do have the root user showing as an icon and don't really care to > have it that way, it would be a bit more secure if all I needed to do was > type root in the username space and then the proper password.. Right. > > Sounds like "insecure by default", which linux cannot afford to be now > > that MS is actually working very hard on security. > Not at all, this is NOT what I want or need.. It took me a long time to get > used to using the user account (I have been doing this for several years) and > I feel uncomfortable running with full root priv's like windows. > All I'm saying is this: it's my system, warn me loud and long about possible > mistakes but don't try to take away my ability to either fix it or screw it > up. Take a look at history, DOS, pretty powerful, you were only limited by > your own knowledge. Exactly correct. The human animal learns by committing it's owm mistakes. You might also look at the history of the login managers; the features of which all have an evolutionary history, resultant from people using them from day to day. You yourself are now discovering the differences between an evolved login interface and a new one with comparatively no evolutionary history. > Windows 3.1, less power, you had to hunt for common utilities or revert to the > command window. > Windows 95, less personal usability - more wizard type stuff but still had the > "Windows Explorer" (file manager). > Windows 98 pretty much the same as 95. Internet Explorer 4.0 shows up with > "Single Click" navigation enabled by default. Version 5.0 reverts to double > click. > Now along comes ME, windows explorer opens "My Documents" not the file > manager. > Windows 2000/XP same.. And all in the name of convenience and usability.. > Phooy! Exactly. 2000/XP is like a mythical Pan playing a flute which has the masses of developers mesmerized with visions of dollar signs. They will follow Pan anywhere, even over the edge of the cliff. > I see mdk headed the same way so I make a bit of a fuss from time to time. > > Until we have a "best practices for administrative accounts" or similar > > document which the user will easily find (win2k3 has a document like > > this) which suggests never logging in as root etc etc (win2k3 suggests > > that you should never log in as Domain Admin, you should change the > > default "Administrator" account username, and disable the "Schema Admin" > > group on the Domain Controller), I don't think it is wise to make it > > easy to log in as root. > Not easy in the sense of "by default" but easy in the sense of having it > available if needed ! Bingo. > > Regards, > > Buchan > > > It's about time windows got some security sense <G>.. > I'm not really trying to be a pain, just trying to give my feelings on this > subject. > I'm not an expert guru but I have been using Linux since 1996 and Mandrake > since 1999 so I am aware of the security issues involved in running as root.. Not only that but even in the case of a person who doesn't know squat and is as dumb as a doornail, he would still have the right to choose for himself. You should'nt be looking for your momma in the MDK distro or on the cooker list. If you ever need your momma, all you got to do is go home. LX -- ����������������������������������������������� Linux Mandrake 9.1 Kernel 2.4.21-0.13mdk "Filter That, Bitch!" --Lanman, MDK Newbie List ������������������������������������������������
