On Sat, 12 Dec 2015 09:30:17 +0530 Sunil Mohan Adapa <[email protected]> wrote: > Possible solutions: > > - - Allow all local (non-LDAP) users to login in addition to allowing 'admin' > group users. > > - - Allow 'sudo' group users also to login. > > - - Relax policy of allowing only 'admin' users on console.
Adding the sudo group would fix most cases, but there will still be an issue for display managers like gdm (it can't start with the current restriction). I'm wondering about the security benefit of restricting logins (both console and SSH) from non-privileged users. There could be a use case for non-admin users to access files in their home folders, although we may need to implement storage quotas. -- James
signature.asc
Description: OpenPGP digital signature
