[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFC] disabled root account / distinct group for users with administrative privileges

On Thu, 21 Oct 2010 06:49:00 +0200, Christian PERRIER <bubulle@debian.org> wrote:
> Quoting Russ Allbery (rra@debian.org):
> Maybe sudo is not that bad, after all..:-)

If we decide to reject 'admin', I think we should use sudo.  I find the
argument that admin is confusing given the presence of adm fairly
convincing -- It's all too easy to say something like "could you add
fred to the adm group" over the phone and pronounce 'adm' as 'admin'.

Sadly, we are not the first to make this decision though, and having
admin on Ubuntu and sudo on Debian would be a pain for people that have
mixed sites, or even for admins that just have access to some of each.

What is the likelihood that Ubuntu might switch to using sudo for this if
we settled on that? (my guess is that they'd stick with admin)

Given that we've had the sudo group for a while, and we're tightening up
the passwordless aspect of that anyway, it is a perfect fit.

On balance, I favour sudo for this, but wouldn't be too unhappy with
admin -- the most important thing is that we have such a group defined.

Cheers, Phil.
|)|  Philip Hands [+44 (0)20 8530 9560]    http://www.hands.com/
|-|  HANDS.COM Ltd.                    http://www.uk.debian.org/
|(|  10 Onslow Gardens, South Woodford, London  E18 1NE  ENGLAND

Attachment: pgpfsgxPe2aA7.pgp
Description: PGP signature

Reply to: