Re: [RFC] disabled root account / distinct group for users with administrative privileges

To: Debian Developers <debian-devel@lists.debian.org>
Subject: Re: [RFC] disabled root account / distinct group for users with administrative privileges
From: "Bernhard R. Link" <brlink@debian.org>
Date: Wed, 20 Oct 2010 10:47:44 +0200
Message-id: <[🔎] 20101020084744.GA16714@pcpool00.mathematik.uni-freiburg.de>
Mail-followup-to: Debian Developers <debian-devel@lists.debian.org>
In-reply-to: <[🔎] 4CBE9E22.5070805@free.fr>
References: <[🔎] 4CBCCC71.5010507@debian.org> <[🔎] 1287468956.18904.8.camel@tomoyo> <[🔎] 201010190948.58805.jesus.navarro@undominio.net> <[🔎] 20101020021142.GA11047@virgil.dodds.net> <[🔎] 20101020051257.GL3375@mykerinos.kheops.frmug.org> <[🔎] 4CBE9E22.5070805@free.fr>

* Vincent Danjean <vdanjean.ml@free.fr> [101020 09:46]:
> > How about the "root" group?
>
> This would hurt systems where umask is 002 (or 007) by default (the root
> group is the primary group of the root user with nobody else in it)

No, the root group (aka wheel) group is the group of people that are
allowed to switch to root if not everyone allowed to (pam_wheel, ...).

Nothing should assume that on a random system only root is in group
root.

	Bernhard R. Link

Reply to:

References:
- [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Michael Biebl <biebl@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Josselin Mouette <joss@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: "Jesús M. Navarro" <jesus.navarro@undominio.net>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Steve Langasek <vorlon@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Christian PERRIER <bubulle@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Vincent Danjean <vdanjean.ml@free.fr>

Prev by Date: Re: [RFC] disabled root account / distinct group for users with administrative privileges
Next by Date: Re: [RFC] disabled root account / distinct group for users with administrative privileges
Previous by thread: Excessive permissions for users in group wheel.
Next by thread: Re: [RFC] disabled root account / distinct group for users with administrative privileges
Index(es):
- Date
- Thread