Linked by Thom Holwerda on Tue 28th Feb 2012 23:11 UTC
Linux Linus Torvalds on requiring the root password for mundane tasks. "So here's a plea: if you have anything to do with security in a distro, and think that my kids (replace 'my kids' with 'sales people on the road' if you think your main customers are businesses) need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, please just kill yourself now. The world will be a better place." Yes, it's harsh (deal with it, Finns don't beat around the bush), but he's completely and utterly right. While there's cases where it makes sense to disable certain settings (public terminals, for instance), it is utterly idiotic that regular home users have to type in their root password for such mundane tasks.
Thread beginning with comment 508868
To read all comments associated with this story, please click here.
I'm happy Linus has weighted in
by ndrw on Wed 29th Feb 2012 03:21 UTC
ndrw
Member since:
2009-06-30

Except for a few user-friendly distributions most Linux systems are configured as if they were all deployed on thin-clients in a bank. The problem is that small users are much more reliant on the defaults - they don't have their own teams of system administrators and their needs/environment is much more dynamic.

I would go even further and allow users to install software from official repo without root password or sudo. We still want to make sure it is the user who initiates the process but that's all. It can probably be done without a password and certainly without a root password.

Interestingly most problems I experience don't come from major installations (these have good administrators and procedures) and not from my home installations (I simply use sudo). They all come from minor networked installations (workstations), where some self-proclaimed sysadmins have installed an ancient version of CentOS, locked it down (or rather not UNlocked) and declared the job done. We could blame these admins for sloppy work ("OMG, they don't do security updates!") but I've seen it happen in so many different place so there is clearly a mismatch between what distributors expect sysadmins to do and what they really do.

Reply Score: 3

oiaohm Member since:
2009-05-30

Policy kit as a mentioned before and http://www.packagekit.org/

Now you don't need root password to install applications. Can ask for users password or no password at all.

This is a simple case of distributions not providing configuration front ends for policykit.

Lot of times if you are using sudo you should not be this more often than not shows defective distribution.

Having a rights control system then no way to make it simple to manage is a major defect.

Reply Parent Score: 3

ndrw Member since:
2009-06-30

Once deployed and configured properly both sudo and policykit do the job. As a user I have no preference for any of them. Chances are that I'll get sudo before PackageKit (just because PackageKit is somewhat newish), and I'd be perfectly happy with it.

Unfortunately, if the default is to have sudo/PK disabled and there is no easy switch to enable it I'll still have to use my Linux workstation as a dumb terminal and compile everything from sources. It isn't exactly "using an OS", more like "fighting" it.

Reply Parent Score: 2