Linked by Thom Holwerda on Tue 28th Feb 2012 23:11 UTC
Linux Linus Torvalds on requiring the root password for mundane tasks. "So here's a plea: if you have anything to do with security in a distro, and think that my kids (replace 'my kids' with 'sales people on the road' if you think your main customers are businesses) need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, please just kill yourself now. The world will be a better place." Yes, it's harsh (deal with it, Finns don't beat around the bush), but he's completely and utterly right. While there's cases where it makes sense to disable certain settings (public terminals, for instance), it is utterly idiotic that regular home users have to type in their root password for such mundane tasks.
Thread beginning with comment 508888
To read all comments associated with this story, please click here.
Not designed for his daughter.
by spiderman on Wed 29th Feb 2012 08:05 UTC
spiderman
Member since:
2008-10-23

Maybe OpenSuse is not designed for his daughter?
What about all the people who use OpenSuse on their servers? What If I have a team of web developers and admins spread across the world and every morning they change the system time because they think it's not right in their country? What if I don't want developers at the other side of the world to print crap on my printer?

Reply Score: 4

Gone fishing Member since:
2006-02-22

Opensuse you can print and connect to a network without root. At least in Gnome (KDE?) it uses network manager by default and you don't need root. It's only if you use Yast turn network manager off and use ifup do you need root. As Yast is a centralised management system that is right.

Reply Parent Score: 4

ndrw Member since:
2009-06-30

Server is a quite different story, isn't it. First of all there are no interactive session on the server, so the whole issue simply doesn't apply to you.

Another exception is a classic centrally controlled terminal server configuration. Here also the sysadmin is a "god".

In both cases the systems are installed and configured by a qualified personnel and don't change over time. The sysadmin should be able to setup (and lock) time and printers fairly easily.

These use cases are very different from a single-user desktop or a shared workstation, which are far more dynamic and often have no sysadmin at all or maintained collectively anyway. In these scenarios "security" is more about making it less likely to shoot yourself in the foot than about locking down the system. The traditional account-based security model (with holes in form of suid's, sudo, policykit) kind of does the job but since it was specifically designed for large centralized rigid time-share systems from '70s there are glitches all over the place and some important aspects of security (user data) are completely neglected.

Reply Parent Score: 3

Soulbender Member since:
2005-08-18

What about all the people who use OpenSuse on their servers?


Server's are fundamentally different from workstations and as such different security profiles (or whatever you want to call it) would be a good idea.

What If I have a team of web developers and admins spread across the world and every morning they change the system time because they think it's not right in their country?


So what? It's a workstation. I certainly hope the people in your team who's half-across the world can change the time if needed and don't have to wait for someone in your part to wake up and do it for them.

What if I don't want developers at the other side of the world to print crap on my printer?


I don't see what root or not has to do with this. Do you give them all shell access to your workstation or something?

Reply Parent Score: 2