FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 05-27-2008, 10:08 PM
Geoffrey Leach
 
Default Fedora 9 and Security

There are several things about Fedora 9 that bug me.

First, SELinux is configured, with no ability to opt-out, as was the
case in Fedora 8. Second, the "automatic login for a designated user"
has been removed.

Both of these are clearly security-related, but where is it written
that Fedora needs to force us to "be good". Strikes me that the folks
who do these things need to ask what the users want. Or was I asleep
when the discussion raged on the list?

Third, not security related but emblemantic of the same mindset, I
suspect, is the introduction, again by default with no opt-out, of
UUIDs. I understand that this is thought to be a Good Idea (tm) for
those users who use bleeding-edge software on their multi-system
networks, but for the rest of us, its just a pain, and makes life more
complicated for those of us that administer our own laptops.

Now I feel better.

Geoffrey Leach


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 05-28-2008, 05:53 AM
Mogens Kjaer
 
Default Fedora 9 and Security

Geoffrey Leach wrote:
...
Second, the "automatic login for a designated user"
has been removed.


It works in the F9 livecd.

The kickstart file for generating a livecd contains
the following in the %post section:

# set up timed auto-login for after 60 seconds
cat >> /etc/gdm/custom.conf << FOE
[daemon]
TimedLoginEnable=true
TimedLogin=fedora
TimedLoginDelay=60
FOE

Mogens

--
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: mk@crc.dk Homepage: http://www.crc.dk

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 05-28-2008, 09:17 AM
Tim
 
Default Fedora 9 and Security

On Tue, 2008-05-27 at 15:08 -0700, Geoffrey Leach wrote:
> Strikes me that the folks who do these things need to ask what the
> users want. Or was I asleep when the discussion raged on the list?

I would imagine such discussions would be more likely to be on the
development lists, rather than this more general support list. Are you
on that one, too?

--
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 05-28-2008, 09:27 AM
Alan Cox
 
Default Fedora 9 and Security

> suspect, is the introduction, again by default with no opt-out, of
> UUIDs. I understand that this is thought to be a Good Idea (tm) for
> those users who use bleeding-edge software on their multi-system
> networks, but for the rest of us, its just a pain, and makes life more
> complicated for those of us that administer our own laptops.

You can use uuids, labels or device names. Nothing has changed there. The
defaults the installer uses have changed, and it makes no sense for the
installer to ask new users questions like

Use UUID, LABEL or device name ?"

Because the answer in 99.99% cases is "uh ??"


Similarly SELinux setting has moved from the install stage (where it
doesn't belong). Try running system-config-selinux, or selecting it from
roots menus.

Alan

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 05-28-2008, 11:31 AM
Timothy Murphy
 
Default Fedora 9 and Security

Mogens Kjaer wrote:

>> Second, the "automatic login for a designated user"
>> has been removed.
>
> It works in the F9 livecd.
>
> The kickstart file for generating a livecd contains
> the following in the %post section:
>
> # set up timed auto-login for after 60 seconds
> cat >> /etc/gdm/custom.conf << FOE
> [daemon]
> TimedLoginEnable=true
> TimedLogin=fedora
> TimedLoginDelay=60
> FOE

Could one put this in a file somewhere on a KDE system?
(I don't have /etc/gdm/ on my Fedora-9 laptop.)


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 05-28-2008, 04:34 PM
Rahul Sundaram
 
Default Fedora 9 and Security

Timothy Murphy wrote:


Could one put this in a file somewhere on a KDE system?
(I don't have /etc/gdm/ on my Fedora-9 laptop.)


A KDE system can very well use GDM. There is a similar capability
offered by KDM too anyway.


Rahul

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 05-28-2008, 07:57 PM
"Andras Simon"
 
Default Fedora 9 and Security

On 5/28/08, Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:

> You can use uuids, labels or device names. Nothing has changed there. The
> defaults the installer uses have changed, and it makes no sense for the
> installer to ask new users questions like
>
> Use UUID, LABEL or device name ?"

How about old users? Perhaps in this new-user-friendly form:

"Use UUID (recommended), LABEL or device name ?"

Disclaimer: I've never heard of uuids before. But perhaps it'd make
sense for those of us who are using older releases of Fedora, have
several partitions, and would like to install F9 in a separate
partition so we can go back to F8 or F7 in case something goes
wrong, to chose LABEL.

>
> Because the answer in 99.99% cases is "uh ??"
>

Or: "OK, let me chose the default".

Andras

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 05-28-2008, 11:37 PM
"Amadeus W.M."
 
Default Fedora 9 and Security

> You can use uuids, labels or device names. Nothing has changed there.
> The defaults the installer uses have changed, and it makes no sense for
> the installer to ask new users questions like
>
> Use UUID, LABEL or device name ?"
>
> Because the answer in 99.99% cases is "uh ??"
>

In which case (and only then) the installer can choose for them, but let
there be choice with sensible (and visible) defaults for the others.

Because if I'm a new user and I want to change, say, from UUID to labels
(post-installation) I may not know how to do that. You don't suppose new
users would know better after than before, do you?


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 05-28-2008, 11:44 PM
Rahul Sundaram
 
Default Fedora 9 and Security

Amadeus W.M. wrote:


Because if I'm a new user and I want to change, say, from UUID to labels
(post-installation) I may not know how to do that. You don't suppose new
users would know better after than before, do you?


You have to think about use cases and think about why non technical
users would want to change any very low level details like this. If
there are good reasons why fiddling with these are important, higher
tools like say a graphical utility can be written but thinking about why
is always important because the need to change these settings might
point to other things can be done better.


Rahul

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 05-29-2008, 12:02 AM
Alan Cox
 
Default Fedora 9 and Security

> > Because the answer in 99.99% cases is "uh ??"
> >
>
> Or: "OK, let me chose the default".

Why even ask the question - if you know what you are doing you can change
it later on.

We don't go around asking

Preferred Emailer
What inode size should we use on ext3
Adjust raid readahead

..

so why ask about what to most users are internal details about how we
make sure their data reappears next reboot ?


Alan

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 01:54 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org