Linked by Thom Holwerda on Tue 28th Feb 2012 23:11 UTC
Linux Linus Torvalds on requiring the root password for mundane tasks. "So here's a plea: if you have anything to do with security in a distro, and think that my kids (replace 'my kids' with 'sales people on the road' if you think your main customers are businesses) need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, please just kill yourself now. The world will be a better place." Yes, it's harsh (deal with it, Finns don't beat around the bush), but he's completely and utterly right. While there's cases where it makes sense to disable certain settings (public terminals, for instance), it is utterly idiotic that regular home users have to type in their root password for such mundane tasks.
Thread beginning with comment 508951
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: ugghh!
by Soulbender on Wed 29th Feb 2012 13:18 UTC in reply to "RE[2]: ugghh!"
Soulbender
Member since:
2005-08-18

This application is trusted todo the following.


How is this better than "this user is allowed to do A and B but not C"?

This is creating true secuirty by obscurity.


Because security through obscurity is so awesome...

Reply Parent Score: 3

RE[4]: ugghh!
by ndrw on Wed 29th Feb 2012 14:05 in reply to "RE[3]: ugghh!"
ndrw Member since:
2009-06-30

How is this better than "this user is allowed to do A and B but not C"?


From a sysadmin's point of view on security? Not at all. Mind you, that's a very narrow view. Especially when you consider typical dekstop installations, where "the system" can be reinstalled in an hour and all valuable data are in home directories.

From user data security point of view - a lot. There is a big difference between user actions in e.g. synaptic and firefox. I'd like to have access to the printer setup when I explicitly ask for it (e.g. in an appropriate config dialog box) but now when I compile a program or browse Internet.

Reply Parent Score: 3

RE[5]: ugghh!
by Soulbender on Thu 1st Mar 2012 03:39 in reply to "RE[4]: ugghh!"
Soulbender Member since:
2005-08-18

So it's not better as much as it is a different use-case.

but now when I compile a program or browse Internet.


But is this actually how policykit is set up on any current distro? I'm pretty sure any application run in the user account has full access to all user data.
As you said, the system can be re-installed in an hour so a system compromise or failure is not as serious as that of user data loss.

Reply Parent Score: 3