Fedora 9 and Security
There are several things about Fedora 9 that bug me.
First, SELinux is configured, with no ability to opt-out, as was the case in Fedora 8. Second, the "automatic login for a designated user" has been removed. Both of these are clearly security-related, but where is it written that Fedora needs to force us to "be good". Strikes me that the folks who do these things need to ask what the users want. Or was I asleep when the discussion raged on the list? Third, not security related but emblemantic of the same mindset, I suspect, is the introduction, again by default with no opt-out, of UUIDs. I understand that this is thought to be a Good Idea (tm) for those users who use bleeding-edge software on their multi-system networks, but for the rest of us, its just a pain, and makes life more complicated for those of us that administer our own laptops. Now I feel better. Geoffrey Leach -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Fedora 9 and Security
Geoffrey Leach wrote:
... Second, the "automatic login for a designated user" has been removed. It works in the F9 livecd. The kickstart file for generating a livecd contains the following in the %post section: # set up timed auto-login for after 60 seconds cat >> /etc/gdm/custom.conf << FOE [daemon] TimedLoginEnable=true TimedLogin=fedora TimedLoginDelay=60 FOE Mogens -- Mogens Kjaer, Carlsberg A/S, Computer Department Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark Phone: +45 33 27 53 25, Fax: +45 33 27 47 08 Email: mk@crc.dk Homepage: http://www.crc.dk -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Fedora 9 and Security
On Tue, 2008-05-27 at 15:08 -0700, Geoffrey Leach wrote:
> Strikes me that the folks who do these things need to ask what the > users want. Or was I asleep when the discussion raged on the list? I would imagine such discussions would be more likely to be on the development lists, rather than this more general support list. Are you on that one, too? -- Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Fedora 9 and Security
> suspect, is the introduction, again by default with no opt-out, of
> UUIDs. I understand that this is thought to be a Good Idea (tm) for > those users who use bleeding-edge software on their multi-system > networks, but for the rest of us, its just a pain, and makes life more > complicated for those of us that administer our own laptops. You can use uuids, labels or device names. Nothing has changed there. The defaults the installer uses have changed, and it makes no sense for the installer to ask new users questions like Use UUID, LABEL or device name ?" Because the answer in 99.99% cases is "uh ??" Similarly SELinux setting has moved from the install stage (where it doesn't belong). Try running system-config-selinux, or selecting it from roots menus. Alan -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Fedora 9 and Security
Mogens Kjaer wrote:
>> Second, the "automatic login for a designated user" >> has been removed. > > It works in the F9 livecd. > > The kickstart file for generating a livecd contains > the following in the %post section: > > # set up timed auto-login for after 60 seconds > cat >> /etc/gdm/custom.conf << FOE > [daemon] > TimedLoginEnable=true > TimedLogin=fedora > TimedLoginDelay=60 > FOE Could one put this in a file somewhere on a KDE system? (I don't have /etc/gdm/ on my Fedora-9 laptop.) -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Fedora 9 and Security
Timothy Murphy wrote:
Could one put this in a file somewhere on a KDE system? (I don't have /etc/gdm/ on my Fedora-9 laptop.) A KDE system can very well use GDM. There is a similar capability offered by KDM too anyway. Rahul -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Fedora 9 and Security
On 5/28/08, Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:
> You can use uuids, labels or device names. Nothing has changed there. The > defaults the installer uses have changed, and it makes no sense for the > installer to ask new users questions like > > Use UUID, LABEL or device name ?" How about old users? Perhaps in this new-user-friendly form: "Use UUID (recommended), LABEL or device name ?" Disclaimer: I've never heard of uuids before. But perhaps it'd make sense for those of us who are using older releases of Fedora, have several partitions, and would like to install F9 in a separate partition so we can go back to F8 or F7 in case something goes wrong, to chose LABEL. > > Because the answer in 99.99% cases is "uh ??" > Or: "OK, let me chose the default". Andras -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Fedora 9 and Security
> You can use uuids, labels or device names. Nothing has changed there.
> The defaults the installer uses have changed, and it makes no sense for > the installer to ask new users questions like > > Use UUID, LABEL or device name ?" > > Because the answer in 99.99% cases is "uh ??" > In which case (and only then) the installer can choose for them, but let there be choice with sensible (and visible) defaults for the others. Because if I'm a new user and I want to change, say, from UUID to labels (post-installation) I may not know how to do that. You don't suppose new users would know better after than before, do you? -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Fedora 9 and Security
Amadeus W.M. wrote:
Because if I'm a new user and I want to change, say, from UUID to labels (post-installation) I may not know how to do that. You don't suppose new users would know better after than before, do you? You have to think about use cases and think about why non technical users would want to change any very low level details like this. If there are good reasons why fiddling with these are important, higher tools like say a graphical utility can be written but thinking about why is always important because the need to change these settings might point to other things can be done better. Rahul -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Fedora 9 and Security
> > Because the answer in 99.99% cases is "uh ??"
> > > > Or: "OK, let me chose the default". Why even ask the question - if you know what you are doing you can change it later on. We don't go around asking Preferred Emailer What inode size should we use on ext3 Adjust raid readahead .. so why ask about what to most users are internal details about how we make sure their data reappears next reboot ? Alan -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
| All times are GMT. The time now is 03:29 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.