On May 13, 2008, at 4:50 PM, Bart Smaalders wrote: > > How do I log into and configure a blank system image? Is a default > account created that has this privilege, or does the lack of such > an account mean that the system must be repaired by booting > from alternate media?
Loosing or breaking the administrator's account is identical to loosing root password. > How will we insure that there are real administrative users present > in the password file? The real administrative users present in the password file because the initial installation put it there. This is not about the elimination of root as a much as it is the ability to create a machine that has a no root password. Previous methods of having root have a password are still possible. In 2008.05, it is possible for the initial user to type "pfexec passwd -N root" and continue on their way simply typing "pfexec bash" instead of "su"/ password combination. My motivation was that asking for the password at installation was a needless step because of the above. The bug was that if you eliminated the root password and wanted to get single user, it was not possible, hence the case. If the target market is Linux web 2.0 developer. The application developers I know of (personal experience included) rely heavily on sudo. In addition to other OSs like Ubuntu, Mac OS X also runs without the root password. (People that are developing the Linux kernel typically run as root and are not the target IMO.) With this change web 2.0 admins can do "pfexec bash", "sudo bash" or add a password to root. (IMO, we do need at least a redirect of people typing sudo to pfexec and a longer term plan around sudo, and we should think about doing this in general. I believe Ubuntu has the ability to suggest packages when unknown commands are typed in.) Longer term, it is another password that the developer does not need to remember, change and manage. Enterprise admins have more issues as Bart suggests, but they are more motivated to eliminate the management of shared root passwords and their human processes. This change does not eliminate how enterprises are doing it now. Bottom line is that it results in simpler installation, simpler management and similar administration (to Ubuntu and Mac OS X) and does not break the existing paradigm. For we RHEL developers this hurdle is not significant. Jim
