Re: [RFC] disabled root account / distinct group for users with administrative privileges

To: debian-devel@lists.debian.org
Subject: Re: [RFC] disabled root account / distinct group for users with administrative privileges
From: Carsten Hey <carsten@debian.org>
Date: Fri, 22 Oct 2010 00:56:41 +0200
Message-id: <[🔎] 20101021225641.GA11785@foghorn.stateful.de>
Mail-followup-to: Carsten Hey <carsten@debian.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 871v7j7upk.fsf@windlord.stanford.edu>
References: <[🔎] 4CBCCC71.5010507@debian.org> <[🔎] 1287468956.18904.8.camel@tomoyo> <[🔎] 201010190948.58805.jesus.navarro@undominio.net> <[🔎] 20101020021142.GA11047@virgil.dodds.net> <[🔎] 20101020051257.GL3375@mykerinos.kheops.frmug.org> <[🔎] 87eibkfr55.fsf@windlord.stanford.edu> <[🔎] 20101021044900.GB3479@mykerinos.kheops.frmug.org> <[🔎] 871v7j7upk.fsf@windlord.stanford.edu>

* Russ Allbery [2010-10-21 02:37 -0700]:
> I like sudoroot, personally, but I think sudo is probably okay.

A group named sudo or sudoroot is somehow linked to sudo as tool used to
gain administrative privileges.  No one knows if in future an other tool
will be the de facto standard to gain privileges, as sudo is now, and
having a group sudoroot whose members are allowed to gain to become root
using an imaginary suto command sounds wrong.

> Really, ideally, this is something that would be standardized across
> distributions.

I think, especially if we think about cross distribution standardisation
we should choose a name that is independent from implementation details
like command names.


The subject of this thread summarizes the purpose of this group quite
well:

    ... / distinct group for users with administrative privileges
                                        ^^^^^          ^^^^^^^^^^

As admin already has been discussed and some people raised possible
disadvantages, what about using an abbreviation of the word privileges,
i.e., priv as group name?

> Yeah, that's the argument for using something relatively obscure, ...

priv should be obscure enough ;)


Carsten

Reply to:

Follow-Ups:
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

References:
- [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Michael Biebl <biebl@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Josselin Mouette <joss@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: "Jesús M. Navarro" <jesus.navarro@undominio.net>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Steve Langasek <vorlon@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Christian PERRIER <bubulle@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Russ Allbery <rra@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Christian PERRIER <bubulle@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: RFH: bug squashing for php5
Next by Date: Re: [RFC] disabled root account / distinct group for users with administrative privileges
Previous by thread: Re: [RFC] disabled root account / distinct group for users with administrative privileges
Next by thread: Re: [RFC] disabled root account / distinct group for users with administrative privileges
Index(es):
- Date
- Thread