[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFC] disabled root account / distinct group for users with administrative privileges

On Tue, Oct 19, 2010 at 09:48:58AM +0200, Jesús M. Navarro wrote:
> On Tuesday 19 October 2010 08:15:56 Josselin Mouette wrote:
> [...]

> > Le mardi 19 octobre 2010 à 02:12 +0200, Jesús M. Navarro a écrit :
> > > What about the old-fashioned "wheel" group[1]?

> > This would be an even worse disaster than “admin”, for similar reasons.
> > Users of the “wheel” group were not supposed to get root privileges with
> > their own password.

> Ok.  But since this group is conceptually the same than the "old" wheel group, 
> one "that provides additional special system privileges that empower a user 
> to execute restricted commands that ordinary user accounts cannot access", 
> why not make a bit of a joke of it?  How about bigwheel (since that's where 
> wheel derives from)?

It is *semantically* different.  The worst possible way to implement this is
by overtaking a pre-existing group that *we have defined* to have different
semantics than what it's being proposed for.

Defining a new group that may conflict with existing local groups on
particular installed systems is not much better, but it's as good as we can

> On the other hand, is it really necessary a new group?  Can't adm or operator 
> be overloaded with this new functionality? (think Ockham's razor).

No.  Both of those groups also have other meanings.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Attachment: signature.asc
Description: Digital signature

Reply to: