intrigeri: > hi, > > sajolida wrote (20 Mar 2012 10:01:34 GMT) : > >>>> « Leave this blank for better security unless you need to >>>> perform administration operations. » > >> Ok, now I understand. But when I first read it I thought that >> leaving it blank was like setting a "blank" administration password >> and that I would be able to do sudo at anytime (like before). > > Understood. We must fix this. > >> So what about: > >> « Optionally enter an administration password. If you leave this >> blank you won't be able to perform administration operations but >> that could prevent a malware or an attacker from getting >> administration privileges. » > > It sounds to me like "beware! if you leave it blank etc.", that is > encouraging people to enter a password, and I don't like it. > > How about something like: > > « Leave this blank for better security -- you won't be granted > administration credentials > or > Enter an administration password -- in case you need to perform > administration operations »
How about a combination of both: « Enter an administration password in case you need to perform administration tasks. Otherwise it will be disabled for better security. » I'm also worried about allowing a way to understand what's happening once you booted, and before digging in the documentation. Especially since that's a change from previous versions. I guess we could customize /etc/sudoers for that. We could replace the traditional first-time lecture when no root password is set. That could be done with the 'lecture' and 'lecture_file' options, see man sudoers. It could say something like: « By default, the administration password is disabled for better security. If you need to perform administration tasks you need to set up an administration password at boot time. See the corresponding documentation. » -- sajolida
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
