Re: [RFC] disabled root account / distinct group for users with administrative privileges

To: Carsten Hey <carsten@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: [RFC] disabled root account / distinct group for users with administrative privileges
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Fri, 22 Oct 2010 11:44:31 +0100
Message-id: <[🔎] 19649.27407.817579.336069@chiark.greenend.org.uk>
In-reply-to: <[🔎] 20101021225641.GA11785@foghorn.stateful.de>
References: <[🔎] 4CBCCC71.5010507@debian.org> <[🔎] 1287468956.18904.8.camel@tomoyo> <[🔎] 201010190948.58805.jesus.navarro@undominio.net> <[🔎] 20101020021142.GA11047@virgil.dodds.net> <[🔎] 20101020051257.GL3375@mykerinos.kheops.frmug.org> <[🔎] 87eibkfr55.fsf@windlord.stanford.edu> <[🔎] 20101021044900.GB3479@mykerinos.kheops.frmug.org> <[🔎] 871v7j7upk.fsf@windlord.stanford.edu> <[🔎] 20101021225641.GA11785@foghorn.stateful.de>

Carsten Hey writes ("Re: [RFC] disabled root account / distinct group for users with administrative privileges"):
> A group named sudo or sudoroot is somehow linked to sudo as tool used to
> gain administrative privileges.  No one knows if in future an other tool
> will be the de facto standard to gain privileges, as sudo is now, and
> having a group sudoroot whose members are allowed to gain to become root
> using an imaginary suto command sounds wrong.

Speaking as the author of a program ("really") which would also want
to use the same group, I have no problem at all with a group name
which mentions sudo specifically.  This is probably the best way to
ensure that the name is meaningful and not used elsewhere for
something else.

"sudoroot" is better than "sudo", as there already is a sudo group and
therefore people may already be using it for something else.

> As admin already has been discussed and some people raised possible
> disadvantages, what about using an abbreviation of the word privileges,
> i.e., priv as group name?

I wouldn't be at all surprised to find that "priv" was occasionally
used as a username for an ordinary user.

Ian.

Reply to:

Follow-Ups:
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Simon McVittie <smcv@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Teodor MICU <mteodor@gmail.com>

References:
- [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Michael Biebl <biebl@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Josselin Mouette <joss@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: "Jesús M. Navarro" <jesus.navarro@undominio.net>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Steve Langasek <vorlon@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Christian PERRIER <bubulle@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Russ Allbery <rra@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Christian PERRIER <bubulle@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Russ Allbery <rra@debian.org>
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Carsten Hey <carsten@debian.org>

Prev by Date: Re: Debian bugs #700000 and #1000000 contest
Next by Date: Re: [RFC] disabled root account / distinct group for users with administrative privileges
Previous by thread: Re: [RFC] disabled root account / distinct group for users with administrative privileges
Next by thread: Re: [RFC] disabled root account / distinct group for users with administrative privileges
Index(es):
- Date
- Thread