Linked by Thom Holwerda on Tue 28th Feb 2012 23:11 UTC
Linux Linus Torvalds on requiring the root password for mundane tasks. "So here's a plea: if you have anything to do with security in a distro, and think that my kids (replace 'my kids' with 'sales people on the road' if you think your main customers are businesses) need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, please just kill yourself now. The world will be a better place." Yes, it's harsh (deal with it, Finns don't beat around the bush), but he's completely and utterly right. While there's cases where it makes sense to disable certain settings (public terminals, for instance), it is utterly idiotic that regular home users have to type in their root password for such mundane tasks.
Thread beginning with comment 508860
To read all comments associated with this story, please click here.
Comment by ilovebeer
by ilovebeer on Wed 29th Feb 2012 02:28 UTC
ilovebeer
Member since:
2011-08-08

What I find humorous is that the separation of root, elevated privileges, and general users is intended to provide security. But a whole hell of a lot of systems don't use this hierarchy as intended and thus their systems security is compromised....and they don't even realize it.

Reply Score: 2

RE: Comment by ilovebeer
by dnebdal on Wed 29th Feb 2012 14:22 in reply to "Comment by ilovebeer"
dnebdal Member since:
2008-08-27

It can easily be like how overly strict password policies lead to unsafe password storage - if you make your security system too annoying, the workarounds will be worse than if you implemented a less safe but also less annoying system in the fist place. And what constitutes "too annoying" shifts greatly between systems; a single-user laptop should be less finicky than a multiuser server, etc.

Reply Parent Score: 1