intrigeri:
> hi,
> 
> sajolida wrote (20 Mar 2012 10:01:34 GMT) :
> 
>>>> « Leave this blank for better security unless you need to
>>>> perform administration operations. »
> 
>> Ok, now I understand. But when I first read it I thought that
>> leaving it blank was like setting a "blank" administration password
>> and that I would be able to do sudo at anytime (like before).
> 
> Understood. We must fix this.
> 
>> So what about:
> 
>> « Optionally enter an administration password. If you leave this
>> blank you won't be able to perform administration operations but
>> that could prevent a malware or an attacker from getting
>> administration privileges. »
> 
> It sounds to me like "beware! if you leave it blank etc.", that is
> encouraging people to enter a password, and I don't like it.
> 
> How about something like:
> 
> « Leave this blank for better security -- you won't be granted
>   administration credentials
> or
>   Enter an administration password -- in case you need to perform
>   administration operations »

How about a combination of both:

« Enter an administration password in case you need to perform
administration tasks. Otherwise it will be disabled for better security. »

I'm also worried about allowing a way to understand what's happening
once you booted, and before digging in the documentation. Especially
since that's a change from previous versions. I guess we could customize
/etc/sudoers for that.

We could replace the traditional first-time lecture when no root
password is set. That could be done with the 'lecture' and
'lecture_file' options, see man sudoers. It could say something like:

« By default, the administration password is disabled for better
security. If you need to perform administration tasks you need to set up
an administration password at boot time. See the corresponding
documentation. »

-- 
sajolida


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tails-dev mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-dev

Reply via email to