-----BEGIN PGP SIGNED MESSAGE-----
> On Wed, 14 Jan 2009 06:56:39 -0500
> Dave Phillips <email@example.com> wrote:
>> Gustin Johnson wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>> Andy Farnell wrote:
>>>> On Wed, 14 Jan 2009 12:21:34 +0200 (SAST)
>>>> firstname.lastname@example.org wrote:
>>>>>> Yes, I know you can get round it by setting a root password. If I wanted
>>>>>> my distro to dictate my behaviour, I'd use a Mac.
>>>>> It annoys me as well. The fact that I have to enter the password after
>>>> It's a very poor (prescriptive and arrogant) design decision. People
>>>> using a distro like 64Studio are likely able to make an informed
>>>> choice. Creating a root account should be an install option, and it
>>>> should be _enabled_ by default.
>>> The root account has been created. All that is missing is a password.
>>> I still don't see the arrogance of this. Using sudo is a good habit to
>>> get into, what exactly is the problem with encouraging new users to
>>> develop good habits?
>> I'm with Gustin on this one. At first I didn't like Ubuntu's insistence
>> on sudo, but it doesn't matter to me now. The only times I need su
>> privileges are when I'm performing administative tasks, mostly
>> installing stuff from repos or my own builds. Everything is still
>> copacetic here.
> I don't like sudo at all. In the first place I regard it as a
> weakening of security, in that to get admin privilege you only need
> your login password, rather than a completely separate one.
> Also, when doing admin work it is rare that I want to use a single
> command. I normally want to perform a block of operations in a terminal
> window then close it when I've finished. At the same time I don't want
> a sudo shell. I want it to be a conscious decision on my part that
> 'here be dragons'.
As a sysadmin I like the granularity that sudo provides. I can limit
what certain users have access to. The DBA can only restart mysql and
postgres, the mail admins can only restart ldap, exim, and cyrus. This
way none of them gets the root password, I do not have to deal with SUID
scripts, and I get logging to boot.
> Unless there is a simple way to set up an access a proper root account,
> I guess I'll be sticking with 2.1 then
You could also configure PAM to allow logins for accounts without
passwords, but that is just insane IMO.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
64studio-users mailing list