Adam Williamson <[EMAIL PROTECTED]> wrote:
> Here is a perfect summation of why it's absolutely correct to disable
> root login by default, from #mandrake IRC:
>
> [snip: explanation and conclusion]

Yes, but it should be more or less self-explanatory. What could be done
is the following or some subvariation.

During installation the first user account is granted sudo rights, i.e. a
line like:

    bob ALL=(ALL) NOPASSWD: ALL

Mandrake software that requires root permission can now get it without
user bob having to type the root-password. Instead he could be
presented with a gtk/kde-dialog like:

    The system requires your admin/root permissions:
    1) grant them.
    2) deny them.
    3) tutorial and advanced options.

If he chooses 3) he will get a story about root, su, sudo and security
risk and the option to choose a security model he likes, for example:

    1) from now on ask for the root-pass.
    2) keep asking for confirmation without asking for the pass.
    3) keep using sudo and don't ask for confirmation.

Of course this should be switchable at all times. People may have a
laptop for instance and if they work at home 3 is fine, but when they
go to the workplace they have to switch to 2.

Sounds to me like a comfortable way to increase comfort and security
and a good point to get people to read some basic stuff about security.

# Han
--
http://www.xs4all.nl/~hanb/software
http://www.xs4all.nl/~hanb/documents/quotingguide.html
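
An added example, not part of the original message: a small audit that lists which sudoers entries run commands without a password, which is what the `bob ALL=(ALL) NOPASSWD: ALL` line above grants for every command. The sample entries other than the `bob` line, and the function names, are constructed for illustration; the parser covers only a simplified subset of sudoers syntax.

```python
import re

# Constructed sample; only the "bob" line comes from the message above.
SAMPLE = """\
# first account created by the installer
bob ALL=(ALL) NOPASSWD: ALL
alice ALL=(ALL) ALL
carol ALL=(root) NOPASSWD: /usr/bin/urpmi, PASSWD: ALL
%wheel ALL=(ALL) NOPASSWD: /sbin/reboot, \\
    /sbin/poweroff
Defaults env_reset
"""

# who host=(runas) command-list. Simplifying assumptions: one host spec per
# line, no escaped commas, and '#' always starts a comment.
SPEC = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"^([A-Z_]+)\s*:\s*")

def audit(text):
    """Return (who, command) pairs that sudo would run without a password."""
    findings = []
    # Join backslash-continued lines the way sudoers does.
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        m = SPEC.match(line)
        if not m or m.group(1).startswith("Defaults") or m.group(1).endswith("_Alias"):
            continue
        who, cmds = m.group(1), m.group(3)
        nopasswd = False  # a tag carries over to later commands until overridden
        for cmd in cmds.split(","):
            cmd = cmd.strip()
            while (t := TAG.match(cmd)):
                if t.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = t.group(1) == "NOPASSWD"
                cmd = cmd[t.end():]
            if nopasswd:
                findings.append((who, cmd))
    return findings

def unrestricted(findings):
    """Accounts that hold passwordless sudo for every command."""
    return sorted({who for who, cmd in findings if cmd == "ALL"})

if __name__ == "__main__":
    hits = audit(SAMPLE)
    for who, cmd in hits:
        print(f"{who}: no password for {cmd}")
    print("unrestricted:", unrestricted(hits))
```

The `carol` line shows why the tag has to be tracked per command: `PASSWD:` cancels the earlier `NOPASSWD:` for the rest of the list, so her `ALL` still prompts.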