Linked by Thom Holwerda on Tue 28th Feb 2012 23:11 UTC
Linux Linus Torvalds on requiring the root password for mundane tasks. "So here's a plea: if you have anything to do with security in a distro, and think that my kids (replace 'my kids' with 'sales people on the road' if you think your main customers are businesses) need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, please just kill yourself now. The world will be a better place." Yes, it's harsh (deal with it, Finns don't beat around the bush), but he's completely and utterly right. While there's cases where it makes sense to disable certain settings (public terminals, for instance), it is utterly idiotic that regular home users have to type in their root password for such mundane tasks.
Permalink for comment 508903
To read all comments associated with this story, please click here.
RE: Not designed for his daughter.
by ndrw on Wed 29th Feb 2012 09:17 UTC in reply to "Not designed for his daughter."
ndrw
Member since:
2009-06-30

Server is a quite different story, isn't it. First of all there are no interactive session on the server, so the whole issue simply doesn't apply to you.

Another exception is a classic centrally controlled terminal server configuration. Here also the sysadmin is a "god".

In both cases the systems are installed and configured by a qualified personnel and don't change over time. The sysadmin should be able to setup (and lock) time and printers fairly easily.

These use cases are very different from a single-user desktop or a shared workstation, which are far more dynamic and often have no sysadmin at all or maintained collectively anyway. In these scenarios "security" is more about making it less likely to shoot yourself in the foot than about locking down the system. The traditional account-based security model (with holes in form of suid's, sudo, policykit) kind of does the job but since it was specifically designed for large centralized rigid time-share systems from '70s there are glitches all over the place and some important aspects of security (user data) are completely neglected.

Reply Parent Score: 3