Re: (Possible) menu code rewrite

[Brian Masinick <masinick@yahoo.com>]

Yeah, I agree with you.  If you want someone to have admin privileges, you
should be explicit about that. Don't make any assumptions about who should
be a valid administrator.  For people like us, who own and administer our
own systems, that may be OK, but we know how to do it anyway.  Making a simple
facility to add administrative access is one thing, doing it by default is
another, and in my opinion, not a good idea at all.

The Mac OS X idea is cute, but it actually has potentially damaging security
implications at a time when most system software developers are attempting
to tighten (not lessen) security.  Though I'm not quite ready to have something
like the SE Linux approach the default (not yet anyway), I do think that
opening up overly easy system administration creates more problems than it
solves.  I think requiring a would-be administrator to know how to create
admin access is the appropriate thing to do --- or go the SE Linux route.
 
-- 
Brian Masinick
mailto:masinick@yahoo.com


Manfred Wassmann wrote:
> On Wed, 17 Jul 2002, Mark Ferlatte wrote:
>
> [...]
>
> > You know, Mac OS X actually handles this pretty well: the first user
> > account that's created is by default an "Admin" (which places them into
> > /etc/sudoers, and enables their UI sudo to work for them).  Every
> > additional user that's created is by default not an Admin, but can
> > easily be made one.
> >
> > It doesn't seem that bad of an idea to make the Debian installer just
> > make the user account that's created on install be an admin by default.
> >   
> I don't like that.  One more needlessly hardwired special UID.  Why not
> just having an admin sub menu (-structure) taking all entries that need
> special privileges to run?