Default user decisions
On Thu, May 01, 2008 at 05:39:07PM +0300, Tzafrir Cohen wrote:
> On Thu, May 01, 2008 at 09:48:45AM -0400, John Reese wrote:
>> Marco Amadori wrote:
>>> ssh wise, Ubuntu's choice is more secure, because it disallows ssh
>>> logins if the local console user did not provide a new password.
>>> I think that using a NULL password like Ubuntu does and providing
>>> both an interactive way to change it and a boot parameter could
>>> be the way I would like to have the user password managed.
>>> That way we could have a more secure default image approach, a
>>> secure personal use approach and the ability to set a password
>>> easily at build time.
>> I have to agree with this. I really like the Ubuntu approach to
>> securing the root/default users, and I'd like to put my support
>> behind making this behavior the preferred method.
> A user has to install ssh explicitly, anyway. But what happens when
> that "secure" user installs a service that doesn't care about empty
What kind of user?
- An end user running the default Debian Live system; changing the
  /cow which will be lost on boot.
- A similar end user running a customized Live system created by an
  (intermediary) lh user; or
- An (intermediary) lh user, creating a Live system with on-by-default
  attackable services like ssh and httpd?
It seems to me that these cases are fundamentally different, and
should be considered separately.