[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: (Possible) menu code rewrite



Yeah, I agree with you.  If you want someone to have admin privileges, you should be explicit about that. Don't make any assumptions about who should be a valid administrator.  For people like us, who own and administer our own systems, that may be OK, but we know how to do it anyway.  Making a simple facility to add administrative access is one thing, doing it by default is another, and in my opinion, not a good idea at all.

The Mac OS X idea is cute, but it actually has potentially damaging security implications at a time when most system software developers are attempting to tighten (not lessen) security.  Though I'm not quite ready to have something like the SE Linux approach the default (not yet anyway), I do think that opening up overly easy system administration creates more problems than it solves.  I think requiring a would-be administrator to know how to create admin access is the appropriate thing to do --- or go the SE Linux route.
-- 
Brian Masinick
mailto:masinick@yahoo.com


Manfred Wassmann wrote:
On Wed, 17 Jul 2002, Mark Ferlatte wrote:

[...]

  
You know, Mac OS X actually handles this pretty well: the first user
account that's created is by default an "Admin" (which places them into
/etc/sudoers, and enables their UI sudo to work for them).  Every
additional user that's created is by default not an Admin, but can
easily be made one.

It doesn't seem that bad of an idea to make the Debian installer just
make the user account that's created on install be an admin by default.
    

I don't like that.  One more needlessly hardwired special UID.  Why not
just having an admin sub menu (-structure) taking all entries that need
special privileges to run?


  


Reply to: