Routing Root's Mail to Another User
Hi, I seem to recall in earlier SuSE Linux installation / setup procedures you were offered a chance to redirect system administrator mail from root's account to that of another "regular" user (I certainly managed to get it to happen somehow in all my earlier installations). But I don't recall being offered that opportunity when I set up SuSE Linux 10.0 ("Eval") nor can I find out how to set it up now that I'm up and running. Can someone point me in the right direction? Thanks. Randall Schulz
On Sat, Oct 08, 2005 at 07:28:16PM -0700, Randall R Schulz wrote:
Hi,
I seem to recall in earlier SuSE Linux installation / setup procedures you were offered a chance to redirect system administrator mail from root's account to that of another "regular" user (I certainly managed to get it to happen somehow in all my earlier installations). But I don't recall being offered that opportunity when I set up SuSE Linux 10.0 ("Eval") nor can I find out how to set it up now that I'm up and running.
Can someone point me in the right direction?
It is offered when you are asked to make your first user. The same place where you are asked if you want automagic login or not. I personaly still feel that these choices should be reversed, e.g. default recieving of root mail and default NO auto login. Anywho, you can change that in /etc/aliases . This is how mine looks: # The "\root" will make sure that email is also delivered to the # root-account, but also forwared to the user "joe". #root: joe, \root root: houghi # Basic system aliases that MUST be present. <snip> Do *NOT* forget to run `newaliases` as root, otherwise it won't work. houghi -- Quote correct (NL) http://www.briachons.org/art/quote/ Zitiere richtig (DE) http://www.afaik.de/usenet/faq/zitieren Quote correctly (EN) http://www.netmeister.org/news/learn2quote.html
Houghi, On Saturday 08 October 2005 19:51, houghi wrote:
On Sat, Oct 08, 2005 at 07:28:16PM -0700, Randall R Schulz wrote:
Hi,
I seem to recall in earlier SuSE Linux installation / setup procedures you were offered a chance to redirect system administrator mail from root's account to that of another "regular" user (I certainly managed to get it to happen somehow in all my earlier installations). But I don't recall being offered that opportunity when I set up SuSE Linux 10.0 ("Eval") nor can I find out how to set it up now that I'm up and running.
Can someone point me in the right direction?
It is offered when you are asked to make your first user. The same place where you are asked if you want automagic login or not.
Yeah, that sounds like what I remember. For some reason I overlooked it this time.
I personaly still feel that these choices should be reversed, e.g. default recieving of root mail and default NO auto login.
I think I agree. I definitely don't want auto-login.
Anywho, you can change that in /etc/aliases .
...
Do *NOT* forget to run `newaliases` as root, otherwise it won't work.
Thanks.
houghi
Randall Schulz
On Sat, Oct 08, 2005 at 08:14:10PM -0700, Randall R Schulz wrote:
Houghi,
On Saturday 08 October 2005 19:51, houghi wrote:
On Sat, Oct 08, 2005 at 07:28:16PM -0700, Randall R Schulz wrote:
Hi,
I seem to recall in earlier SuSE Linux installation / setup procedures you were offered a chance to redirect system administrator mail from root's account to that of another "regular" user (I certainly managed to get it to happen somehow in all my earlier installations). But I don't recall being offered that opportunity when I set up SuSE Linux 10.0 ("Eval") nor can I find out how to set it up now that I'm up and running.
Can someone point me in the right direction?
It is offered when you are asked to make your first user. The same place where you are asked if you want automagic login or not.
Yeah, that sounds like what I remember. For some reason I overlooked it this time.
I personaly still feel that these choices should be reversed, e.g. default recieving of root mail and default NO auto login.
I think I agree. I definitely don't want auto-login.
They are competing with Microsoft, they have to make it easy enough to use that drooling idiots don't need to remember big scarey log ins and passwords. It's a happy Medium, Root doesn't log in by default, and making users log in, makes them write all of it down and stick it on the monitor anyway. It's a trade off, you secure a computer to the best of your know hows and a user just knocks that down with a pasty.
Anywho, you can change that in /etc/aliases .
...
Do *NOT* forget to run `newaliases` as root, otherwise it won't work.
Thanks.
houghi
Randall Schulz
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-help@opensuse.org
Allen schrieb:
They are competing with Microsoft, they have to make it easy enough to use that drooling idiots don't need to remember big scarey log ins and passwords.
why is there always the need ob "trolling" when it comes up to post something about windows users ? why do they be named as idiots at this point ? why can't u yust think about them as just a user from another OS ? is there any reason to build up a sort of border between them and users of a *nix OS ? btw, they are not the only users how use that function of auto login. for example, we have here in our (small) network also 2 PCs running SuSE 9.3 with auto login. they both do some special things in our office. I know they could do it also if there was no user logged in, but because there are logged in everyone from my workers here can easy switch some of the parameters for the work the PCs do without the need of always login and logout. so, if windows users who still use the auto login function are idiots, I'm the same, because I'm using it too. thangs for given me that name even you don't know me. [yes, I know - don't feed trolls. but these sort of mails make me realy angre. linux is not the only OS, and there are many reason why someone uses linus, unix, BSD, [what ever] and windows. the same reason why we still have some machines running it at the office, and why I have some versions up and running with vmware at home]. JBScout
On Sunday 09 October 2005 04:33 am, JBScout [Thomas Lodewick] wrote:
Allen schrieb:
They are competing with Microsoft, they have to make it easy enough to use that drooling idiots don't need to remember big scarey log ins and passwords.
why is there always the need ob "trolling" when it comes up to post something about windows users ? why do they be named as idiots at this point ? why can't u yust think about them as just a user from another OS ? is there any reason to build up a sort of border between them and users of a *nix OS ?
He wasn't saying Windows users are drooling idiots but that many users in general are, and Widows IS designed for those kind! That is why SUSE builds this feature in, because they are competing for these users. -- See Ya' Howard Coles Jr. John 3:16!
On Sun, Oct 09, 2005 at 11:33:17AM +0200, JBScout [Thomas Lodewick] wrote:
Allen schrieb:
They are competing with Microsoft, they have to make it easy enough to use that drooling idiots don't need to remember big scarey log ins and passwords.
why is there always the need ob "trolling" when it comes up to post something about windows users ? why do they be named as idiots at this point ? why can't u yust think about them as just a user from another OS ? is there any reason to build up a sort of border between them and users of a *nix OS ?
Hallo, Mein name ist Allen, nicht troll, und ich hab nich gezagt of Windows. I said "users" were idiots, not Windows users.
btw, they are not the only users how use that function of auto login. for example, we have here in our (small) network also 2 PCs running SuSE 9.3 with auto login. they both do some special things in our office. I know they could do it also if there was no user logged in, but because there are logged in everyone from my workers here can easy switch some of the parameters for the work the PCs do without the need of always login and logout.
so, if windows users who still use the auto login function are idiots, I'm the same, because I'm using it too. thangs for given me that name even you don't know me.
Uhhh, mann, Ich said in a way I was standing up for auto login... How could you take it as a personal insult when you use it too? Everyone bashed it and I stood up for it. I didn't say everyone using auto login was an idiot, I said just about all users were, they don't care if it's secure, they care it plays their MP3s, movies and games.
[yes, I know - don't feed trolls. but these sort of mails make me realy angre. linux is not the only OS, and there are many reason why someone uses linus, unix, BSD, [what ever] and windows. the same reason why we still have some machines running it at the office, and why I have some versions up and running with vmware at home].
Ummm, OK, there are almost 200 OSs here that I use. I have DOS, Windows 1.0, 3.11, 95, 95B, 98, 98SE, 2000, Me, XP (4 copies) Server 2003, NetBSD, Free BSD, Solaris, Linux Desktop 9, SUSE 8.1 8.2 9.1 9.2 9.3 10.0, RedHat 6.X, 7.2 7.3 8.0 9.0, BeOS Pro 5, Mandrake 7, 9, 9.1, 10....Mandriva, Slackware 3.6, 8.0 9, 9.1 10, 10.1, Debian, Trustix.... Alot more but I'm not listing all of them, the point is, I use all of them, I don't just have them. So before you say how I don't even know you yet and I'm saying something about you, think about that satement, becayse you did the same thing to me. -DasBlut / Allen
JBScout
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-help@opensuse.org
Hi All, I'm with Randall on this. Linux is increasingly competing successfully against Windows by *not being Windows*. SUSE/Novell needs to lead by example instead of encouraging insecure computing practices. Having the GUI option available, at all, is already a big compromise. Turning it on by default at installation goes too far and will be counterproductive in the long haul. Encouraging insecure practices is not a successful competitive strategy because it moves you farther away from the goal instead of closer to it. Anyway, Linux is increasingly competing successfully against Windows by *not being Windows* and this is one reasonable area to remain differentiated. my 2 cents, - Carl
Carl Hartung wrote:
Encouraging insecure practices is not a successful competitive strategy because it moves you farther away from the goal instead of closer to it.
When you see this as being insecure, what about GRUB not being password protected by default? init=/bin/bash gave me immediate access to the system last time I tried. Once you are at it, you should also require people to secure their BIOS with a password and deactivate booting from removable media/network. Because both methods will give an attacker full access without having to use a screwdriver (those are another matter). If (and only if) the user has adequately secured both his BIOS and his boot loader he can start worrying about auto login, which does _not_ give you full control over the system, in contrast to the other two. I think that it is safe to assume that every user that secures his BIOS and boot loader is also clever enough to turn off auto login. Regards nordi
On Sunday 09 October 2005 09:41, nordi wrote:
When you see this as being insecure, what about GRUB not being password <snippage>
Hi Nordi, In my mind, the question was "Should the use of auto login be encouraged or suggested?" *not* "Does disabling auto login create a secure computer?" Password protecting the desktop helps to prevent casual or opportunistic snooping and attacks. Access to documents and frequently used "private" applications like IM, chat, VOIP and e-mail clients, also one's reading material and playlists or financial correspondence, etc., is made more difficult... obviously, not impossible... but the front door won't always swing wide open and invite such mischief, which is the main concern I have with auto login. Mind you, casual events aren't always "trivial," either They can range from jokes gone awry, like someone posing as you sending a dirty joke to your spouse but cc's the CEO or the Chief of Police or the Mayor... or someone more vengeful sending threats to your Ex or downloading illegal content or attempting to destroy your data. Anticipating, and guarding against, such potentialities is everybody's responsibility, including Novell/SUSE's. You and I and others experienced in such matters know enough to uncheck that little box during installation. My concern is that it conveys an impression to new and unsophisticated customers that auto login is a normal and accepted practice within the Linux community, which my belief is it *is not* (emphasized for clarity). Also, leading starts with behavior. If you convey, through your actions as well as words, a consistent philosophy and attention to detail, people witnessing or participating in some way with you are more likely to follow suit. If your actions are contradictory (for instance, seeming to recommend auto login during the installation process,) others... particularly those who are naive and inexperienced, can be discouraged from making the right decision. IMHO, the "right" decision is auto login disabled. regards, - Carl
Carl Hartung wrote:
In my mind, the question was "Should the use of auto login be encouraged or suggested?" In my opinion, there is no real reason against that. But read on...
like someone posing as you sending a dirty joke to your spouse but cc's the CEO or the Chief of Police or the Mayor... or someone more vengeful sending threats to your Ex or downloading illegal content or attempting to destroy your data. All of this sounds like things you would see in a company, where coworkers hack each other. But in a company, I'd expect that someone sets up the systems that can tell apart softlinks and hardlinks. And such a person would not use auto login.
For Joe Average, who installs Suse on his computer at home, all of this is irrelevant. The box is used by him and his wife, probably even sharing the same account. Local attackers are no issue, since he only lets trusted people inside his apartment/house. This is the type of user for whom auto login should actually be encouraged, since it makes Suse easier to use. Assuming that a professional administrator is clever enough to turn it off right from the start, but Joe average is not clever enough to turn it on we should activate it by default when local authentification is used (=no corporate network). Regards nordi
On Sunday 09 October 2005 14:50, nordi wrote: <snippage> Hi Nordi, I think your work in obtaining the fastest possible power-on to desktop experience has clouded your judgment. Your assertion that auto login makes "SUSE easier to use" is baseless; patently false. If you have proof to the contrary, show me the research and I'll take it under consideration. Meanwhile, I doubt you believe the need for a password makes your ATM "harder" to use. It is more prudent... not to mention more consistent with the design philosophy behind *nix... to default to the setting which is more private and secure. Yes, I think auto login is a nice *feature*, but it should be a feature that requires a bit of knowledge, forethought and effort to enable instead of one that gets set automatically through oversight or ignorance. IOW, if you're going to err, err on the side of caution instead of convenience. You're talking about people's privacy and security here. - Carl
Meanwhile, I doubt you believe the need for a password makes your ATM "harder" to use. You are confusing things: With an ATM you _do_ have the risk of someone standing in front of the ATM that is not trusted. As a result, passwords are necessary. With a PC at somebody's home you very often do not have
Yes, I think auto login is a nice *feature* Password protection is the feature, not auto login. You need lots of additional programs and infrastructure for password protection, auto login needs nothing. Think of MS DOS, did that have an auto login
Carl Hartung wrote: the risk of local attacks. E.g. many video recorders/TVs have _optional_ passwords that can be activated to prevent the kids messing with it. However, this password function is by default _de_activated (=auto login), since in most cases the there is no "attacker". Hence password protection is unnecessary and would make the video recorder/TV harder to use than necessary. Or how would you like to enter a password every time you switch on your TV? Password protected fridges, anyone? After all, these could get raided as well. The same argument goes for your PC at home(which for many users is not more than a TV + telephone + gaming console): If there is no attacker, you do not need a defense! program? Maybe you should see auto login more as the removal of an _unnecessary_ feature...
but it should be a feature that requires a bit of knowledge forethought and effort to enable Auto login is aimed at the non-technical users, so making it hard to use makes it useless. Btw, a good distribution should _reduce_ the effort it takes to do things, not increase it. And maybe include a few warning signs for the unwary. But with auto login you do not need to be a computer expert to see the security implications.
Regards nordi
On Mon, Oct 10, 2005 at 01:05:38AM +0200, nordi wrote:
Meanwhile, I doubt you believe the need for a password makes your ATM "harder" to use. You are confusing things: With an ATM you _do_ have the risk of someone standing in front of the ATM that is not trusted. As a result, passwords are necessary. With a PC at somebody's home you very often do not have
Carl Hartung wrote: the risk of local attacks.
The risk of people auto logging in can be desastrous. Not so much by hacking as it is by accident. I have found out the hard way that you can delete stuff in the wrong directory. The wife can turn the PC on or the kids, just to look and then by accident delete all of your ~/ and that will happen just before the backup and after spending 10 hours of work on something, or at the moment your backup is out of sync for several weeks.
E.g. many video recorders/TVs have _optional_ passwords that can be activated to prevent the kids messing with it. However, this password function is by default _de_activated (=auto login), since in most cases the there is no "attacker". Hence password protection is unnecessary and would make the video recorder/TV harder to use than necessary. Or how would you like to enter a password every time you switch on your TV? Password protected fridges, anyone? After all, these could get raided as well.
It is not the hacker I am afraid of. A real hacker with physical acess could enter your PC with just a little effort. It is the unintended acces I am talking about.
The same argument goes for your PC at home(which for many users is not more than a TV + telephone + gaming console): If there is no attacker, you do not need a defense!
Yes, I do. So it makes me aware of the fact that when I use a PC, I must use a key, wich then makes me aware that there is a reason for this, safety.
Yes, I think auto login is a nice *feature* Password protection is the feature, not auto login. You need lots of additional programs and infrastructure for password protection, auto login needs nothing. Think of MS DOS, did that have an auto login program? Maybe you should see auto login more as the removal of an _unnecessary_ feature...
You are not really taking MS DOS as an example of why not to use a password, are you. I won't even go into that, because that is way to easy.
but it should be a feature that requires a bit of knowledge forethought and effort to enable Auto login is aimed at the non-technical users, so making it hard to use makes it useless. Btw, a good distribution should _reduce_ the effort it takes to do things, not increase it. And maybe include a few warning signs for the unwary. But with auto login you do not need to be a computer expert to see the security implications.
And that last thing is excactly the point why a password needs to be entered. Now people do not see the security implication. They then also do not see the fact that it can be dangerous just to click on everything. I know people who do not do `wrong` things with their pc's, because they are logged in and therefore the sysadmin knows what is going on. While at the same time, DHCP can tell the sysadmin also ecactly what PC is doing what. For me it is all about resposability. A PC is not a TV or a fridge or any other household applience. If somebody does something to your PC, you might loose data, you might give Phishers your credit card account, you might endager other peoples PC,s by being an open relay, ... The only reason you could turn auto login on is because that way you get much less people asking how the can log in automagically. Explaing this will take about (Guessing here) 90 seconds with another 20 to log the call. I am not including registration. Now pick a number of calls per hour worldwide that this will generate and put those numbers in http://www.erlang.com/calculator/call/ You will see that that amounts to a number of agents, wich can be translated to money. houghi -- Quote correct (NL) http://www.briachons.org/art/quote/ Zitiere richtig (DE) http://www.afaik.de/usenet/faq/zitieren Quote correctly (EN) http://www.netmeister.org/news/learn2quote.html
houghi wrote:
I have found out the hard way that you can delete stuff in the wrong directory. Sure, that happens. Been there... But that can also happen if you are logged in with a password.
just to look and then by accident delete all of your ~/ So you want to have the password for safety reasons, not for security. Safety: Protection against accidents. Security: Protection against attackers. I don't think Linux is supposed to take care of safety, that is your own business (backup, UPS, fire alarm, earthquake-proof building...). Although it does do that, just think of the KDE trashcan.
Password protection is the feature, not auto login. You need lots of additional programs and infrastructure for password protection, auto login needs nothing. Think of MS DOS, did that have an auto login program? Maybe you should see auto login more as the removal of an _unnecessary_ feature...
You are not really taking MS DOS as an example of why not to use a password, are you. Certainly not. I was just illustrating that passwords are an add-on feature to the distribution to counter Carl's argument that auto login was an add-on feature. Password protection is a feature that was not
But reading the Suse Linux 10.0 manual, I ran over the following sentence in section 4.1. The English translation is something like "If your computer has more than one user account, all users have to authenticate." This would fix your objections while still keeping auto login useful for the average Joe. But for some odd reason, I have 2 accounts on this system, and auto login still works. So someone forgot to implement that. Maybe I'll file a bug tomorrow morning. present in MS DOS, hence it was auto login.
Auto login is aimed at the non-technical users, so making it hard to use makes it useless. Btw, a good distribution should _reduce_ the effort it takes to do things, not increase it. And maybe include a few warning signs for the unwary. But with auto login you do not need to be a computer expert to see the security implications.
And that last thing is excactly the point why a password needs to be entered. Well, the only security implication of auto login is: "Everybody standing in front of the PC can switch it on just like I do, and then use it just like I do." Anyone that can button his shirt by himself is able to see that.
A PC is not a TV or a fridge or any other household applience. That really depends on whom you ask...
The only reason you could turn auto login on is because that way you get much less people asking how the can log in automagically. [...]
Now pick a number of calls per hour worldwide that this will generate and put those numbers in http://www.erlang.com/calculator/call/ You will see that that amounts to a number of agents, wich can be translated to money. Very interesting point. I think at least from a business perspective it makes a lot of sense to try to reach a balance between security/safety and usability, at least when you produce a consumer OS like Suse Linux.
Not like I wouldn't want a default umask to 077 for Suse and default permissions set to "secure" instead of "easy". But I don't think that will happen any time soon. For usability reasons. Cheers nordi
On Mon, Oct 10, 2005 at 02:29:14AM +0200, nordi wrote:
Certainly not. I was just illustrating that passwords are an add-on feature to the distribution to counter Carl's argument that auto login was an add-on feature. Password protection is a feature that was not present in MS DOS, hence it was auto login.
Somebody already pointed out that DOS was a single user, single machine, no connection type of thing. Linux comes from the Unix world and was designed to be multi user.
And that last thing is excactly the point why a password needs to be entered. Well, the only security implication of auto login is: "Everybody standing in front of the PC can switch it on just like I do, and then use it just like I do." Anyone that can button his shirt by himself is able to see that.
A PC is not a TV or a fridge or any other household applience. That really depends on whom you ask...
Indeed. And if I want to have an opinion, I ask people who understand the matter. A lot of people also log in as root or as admin and think that is very normal. That does not mean they are right, even they are the majority.
Very interesting point. I think at least from a business perspective it makes a lot of sense to try to reach a balance between security/safety and usability, at least when you produce a consumer OS like Suse Linux.
I could not find a reference, but know (from memeory, so probably not true) that that is the reason Microsoft turned all services on, because then they would not be bothered by phonecalls asking how to turn service X on. For Microsoft this could go into a few hundred people less to hire.
Not like I wouldn't want a default umask to 077 for Suse and default permissions set to "secure" instead of "easy". But I don't think that will happen any time soon. For usability reasons.
We are only talking about wether or not the login should be on or off suring the instalation. I log in mayby twice a day (today a bit more, because I am testing the login screen). Put a big red mark next to it and tell people that if they do NOT want to enter a password, to put a cross there. You can change it during instalation, you can change it later. However I think the default should be no cross there during the instalation (and root mail to the first person as well) houghi -- Quote correct (NL) http://www.briachons.org/art/quote/ Zitiere richtig (DE) http://www.afaik.de/usenet/faq/zitieren Quote correctly (EN) http://www.netmeister.org/news/learn2quote.html
On Mon, Oct 10, 2005 at 01:05:38AM +0200, nordi wrote:
Meanwhile, I doubt you believe the need for a password makes your ATM "harder" to use. You are confusing things: With an ATM you _do_ have the risk of someone standing in front of the ATM that is not trusted. As a result, passwords are necessary. With a PC at somebody's home you very often do not have
Carl Hartung wrote: the risk of local attacks.
And with a computer someone could sniff your passwords for things like your bank account....
E.g. many video recorders/TVs have _optional_ passwords that can be activated to prevent the kids messing with it. However, this password function is by default _de_activated (=auto login), since in most cases the there is no "attacker". Hence password protection is unnecessary and would make the video recorder/TV harder to use than necessary. Or how would you like to enter a password every time you switch on your TV? Password protected fridges, anyone? After all, these could get raided as well.
You seem to live in Germany, meaning you probably haven't ever had someone rack up your cable bill, mainly because there isn't one, but in America you pay for watching things on TV and it's VERY SIMPLE to rack up the amount of money they have to pay each month to the cable company and ordering movies which costs A LOT extra.
The same argument goes for your PC at home(which for many users is not more than a TV + telephone + gaming console): If there is no attacker, you do not need a defense!
Ummm, you don't need to be sitting at a computer to get to it. Remote attacks have existed longer than the standing near you ones have.
Yes, I think auto login is a nice *feature* Password protection is the feature, not auto login. You need lots of additional programs and infrastructure for password protection, auto login needs nothing. Think of MS DOS, did that have an auto login program? Maybe you should see auto login more as the removal of an _unnecessary_ feature...
No, MS-DOS didn't have auto log in programs, it was single user single tasking, there is a difference.
but it should be a feature that requires a bit of knowledge forethought and effort to enable Auto login is aimed at the non-technical users, so making it hard to use makes it useless. Btw, a good distribution should _reduce_ the effort it takes to do things, not increase it. And maybe include a few warning signs for the unwary. But with auto login you do not need to be a computer expert to see the security implications.
Regards nordi
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-help@opensuse.org
On Sun, Oct 09, 2005 at 08:50:38PM +0200, nordi wrote:
All of this sounds like things you would see in a company, where coworkers hack each other. But in a company, I'd expect that someone sets up the systems that can tell apart softlinks and hardlinks. And such a person would not use auto login.
I have installed SUSE several times now on my system (Well, Beta's and RC1) and although I try to think about it, I have forgotten it a few times. I can imagine if an IT person has to do installs and is not using imaging or other pre-configured ways to do it, he will forget it too. Configures the admin account, then runs a script in [CTRL][ALT][F1]. I am not saying it should be impossible, I am just saying that I make the first user the maintainer and that person should get the mail as well and should not log in automagically. I am the only person working on this machine and there are only two users that can log in. root (wich never logs in) and houghi. Yet I still always log in. Good practice, I think, just like wearing a seatbelt in a car, it becomes a natural thing, even if I only need to move my car 20 meters. houghi -- Quote correct (NL) http://www.briachons.org/art/quote/ Zitiere richtig (DE) http://www.afaik.de/usenet/faq/zitieren Quote correctly (EN) http://www.netmeister.org/news/learn2quote.html
nordi
Assuming that a professional administrator is clever enough to turn it off right from the start, but Joe average is not clever enough to turn it on we should activate it by default when local authentification is used (=no corporate network).
Note that for the enterprise products (NLD, SLES), autologin is turned off, it's only on by default on SUSE Linux - and then only with local authentification (not with NIS etc), Andreas -- Andreas Jaeger, aj@suse.de, http://www.suse.de/~aj SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
On Mon, Oct 10, 2005 at 06:56:00AM +0200, Andreas Jaeger wrote:
Note that for the enterprise products (NLD, SLES), autologin is turned off, it's only on by default on SUSE Linux - and then only with local authentification (not with NIS etc),
So the choce has been clearly, userfriendlyness before safety. A scary thought. houghi -- Quote correct (NL) http://www.briachons.org/art/quote/ Zitiere richtig (DE) http://www.afaik.de/usenet/faq/zitieren Quote correctly (EN) http://www.netmeister.org/news/learn2quote.html
houghi
On Mon, Oct 10, 2005 at 06:56:00AM +0200, Andreas Jaeger wrote:
Note that for the enterprise products (NLD, SLES), autologin is turned off, it's only on by default on SUSE Linux - and then only with local authentification (not with NIS etc),
So the choce has been clearly, userfriendlyness before safety. A scary thought.
Yes, for a system that's used for one person only that was the choice made (note if you have more than one user, autologin is turned off AFAIK). I'll discuss this with the advocates of the feature now, Andreas -- Andreas Jaeger, aj@suse.de, http://www.suse.de/~aj SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
On Mon, Oct 10, 2005 at 11:57:44AM +0200, nordi wrote:
Andreas Jaeger wrote:
(note if you have more than one user, autologin is turned off AFAIK). This is also what the manual says, but it is not what is happening. I filed bug #121923 for this.
I have a solution for this bug. Just turn it off by default. Problem solved. <Ducks> ;-) houghi -- Quote correct (NL) http://www.briachons.org/art/quote/ Zitiere richtig (DE) http://www.afaik.de/usenet/faq/zitieren Quote correctly (EN) http://www.netmeister.org/news/learn2quote.html
On Monday 10 October 2005 06:38, nordi wrote:
houghi wrote:
I have a solution for this bug. Just turn it off by default. Problem solved. <Ducks> ;-)
People have suggested that before, and that suggestion got rejected. Have a look at bug #117676 for example.
Hi All, I'm submitting my last comments on this subject, as I've had a chance to sleep and mull the discussion over. 1. There are two competing camps, default 'on' and default 'off'. Each has precedents, facts and a rational purpose behind them, meaning there is no clear "right way" or "wrong way" when the conflict is viewed as an either/or proposition. 2. The conflict emerges as a natural consequence of the principal benefit from each side being viewed by the other as a flaw. The reality is the features are symmetrical and balanced, they represent diametrically opposed perspectives but *not* opposite goals, so the debate becomes protracted and circular, meaning it will never resolve to a clear "winner." 3. There exists a middle ground, however, a design change which effectively accommodates the two views, bringing peace and harmony back to the world. Well... at least on this topic. :-) 4. Briefly outline the advantages and disadvantages of each login arrangement wherever the choice is offered, but remain as neutral as possible in the presentation. This can be accomplished by providing a single two checkbox "<>On <>Off" control which is not preselected when the dialog appears. This allows the enduser to make a reasonably informed choice without interpreting the preset control as a "recommended" or "default" choice, thereby absolving Novell/SUSE of any moral/karmic liabilities and ensuring the basic concerns of each camp are addressed. I recognize that this shaves off a tiny fraction of the default 'on' camp's territory by putting the decision squarely back on the enduser, but any truly neutral solution is going do that. I suggest, in the interest of putting this debate to rest permanently, the solution is worth a very small compromise. Comments? I look forward to reading them but a cyclic debate, once recognized as such, is futile to pursue. regards, - Carl
On Mon, Oct 10, 2005 at 11:51:42AM -0400, Carl Hartung wrote:
4. Briefly outline the advantages and disadvantages of each login arrangement wherever the choice is offered, but remain as neutral as possible in the presentation. This can be accomplished by providing a single two checkbox "<>On <>Off" control which is not preselected when the dialog appears. This allows the enduser to make a reasonably informed choice without interpreting the preset control as a "recommended" or "default" choice, thereby absolving Novell/SUSE of any moral/karmic liabilities and ensuring the basic concerns of each camp are addressed.
I think that is an even worse situation as we have now. I know for a fact that almost nobody reads what is on their screen and just click on next. It also does not solve the issue wether the default should be on or off and I hope you are not forcing people to choose or not be able to go on with the instalation. New people will be very worried wether they made the right choice or not Also making a pro - contra list is not a very good way to do it, becasue people will just count the numbers of pro and contra and make a choice without weighing each item on importance. 1 item can be so importand that it overshadows all the rest and unfortunatly the people for whom we make this choice will not have the experience to do this. People who do have the exprience do not need the explanation. houghi -- Quote correct (NL) http://www.briachons.org/art/quote/ Zitiere richtig (DE) http://www.afaik.de/usenet/faq/zitieren Quote correctly (EN) http://www.netmeister.org/news/learn2quote.html
On Monday 10 October 2005 12:09, houghi wrote:
I think that is an even worse situation as we have now. I know for a fact that almost nobody reads what is on their screen and just click on next.
This is an unfounded assumption. People are forced to make choices in life all the time. I'm not suggesting a 5,000 word EULA, but a few key bullet points discussing the benefits and risks.
It also does not solve the issue wether the default should be on or off
Yes it does. It eliminates the "default". There shouldn't *be* a default since this decision clearly belongs to the enduser.
and I hope you are not forcing people to choose or not be able to go on with the instalation.
Why not? You cannot proceed with the installation without accepting many other choices, right?
New people will be very worried wether they made the right choice or not
Not if the descriptions are well written. The enduser knows best the type of environment the machine will be living in. That is why it's best to avoid a "default". A "default" presumes to know which login arrangement best fits the "majority" of cases (whatever that is).
Also making a pro - contra list is not a very good way to do it, becasue people will just count the numbers of pro and contra and make a choice without weighing each item on importance.
Intelligently and thoughtfully prepared instructions can present the information needed in a balanced, neutral manner.
1 item can be so importand that it overshadows all the rest
That is the judgment call you want the enduser to make.
and unfortunatly the people for whom we make this choice will not have the experience to do this.
You are presuming too much. As Nordi has stated, anyone can easily recognize the implications of bypassing a password and having the system boot directly to the desktop. Don't unnecessarily "complexify" and protract this debate.
People who do have the exprience do not need the explanation.
Precisely. But I suggest the people who do *not* have the experience also deserve to be treated as adults and be given the opportunity to learn and think for a few minutes about the decision. - Carl
Carl Hartung wrote:
On Monday 10 October 2005 12:09, houghi wrote:
and I hope you are not forcing people to choose or not be able to go on with the instalation.
Why not?
Because that was also suggested in bug #117676. The reply was "And no, explicitly asking the user is _not_ an option. We try to minimize the number of questions we ask." Regards nordi
nordi wrote:
[...]
If (and only if) the user has adequately secured both his BIOS and his boot loader he can start worrying about auto login, which does _not_ give you full control over the system, in contrast to the other two. I think that it is safe to assume that every user that secures his BIOS and boot loader is also clever enough to turn off auto login.
Nobody said the auto login feature should be removed ;-) It is just a matter of policy whether to enable this feature by default. I remember the ancient SuSE distributions when the apache webserver was installed *and* activated by default. So we had lots of (more or less) unconfigured webservers around the world (well, call it Germany or maybe Europe at that time; I don't think that SuSE Linux was well known and frequently used outside of Europe at that time) because sometimes people were not even aware that this service had been activated during setup. Of course, you can always use the argument "you can switch it off if you like", but I don't like such a policy for default settings - I prefer not having a default auto login although it might appear a bit antiquated to others who might already know this feature very well from the Windows world (call them, maybe, Linux newbies). Unfortunately, it gets more and more complicated with every new SuSE Linux version to *deactivate* these "features" (auto login, subfs, suseplugger, etc.). Yes, maybe I am a dinosaur on that score :-) I will not be surprised seeing one day a Linux distribution which promotes working as root all the time because it's so much easier to install RPMs and you don't have to enter that annoying root password everytime... Greetings from London, Th.
Carl, On Sunday 09 October 2005 06:05, Carl Hartung wrote:
Hi All,
I'm with Randall on this. Linux is increasingly competing successfully against Windows by *not being Windows*. SUSE/Novell needs to lead by example instead of encouraging insecure computing practices.
Whoa, whoa, whoa! I was not the one ranting on the average human intelligence (this time) and how choice of operating system relates to it! That was Allen.
...
my 2 cents,
- Carl
Randall Schulz
On Sun, Oct 09, 2005 at 10:27:23AM -0700, Randall R Schulz wrote:
Carl,
On Sunday 09 October 2005 06:05, Carl Hartung wrote:
Hi All,
I'm with Randall on this. Linux is increasingly competing successfully against Windows by *not being Windows*. SUSE/Novell needs to lead by example instead of encouraging insecure computing practices.
Whoa, whoa, whoa!
I was not the one ranting on the average human intelligence (this time) and how choice of operating system relates to it!
That was Allen.
Hi, I'm Allen, Randall as he said, was not the one who said that, it was me, and I stand by it lol. Seriously, I've seen things so disgusting it's not even funny. Ther eis a limit on how someone uses a computer at times. At my college for example, they had to lock the machines down more, not because they were getting broken into, but the people NOT in computer science didn'tcare how insecure apps they liked were, they wanted them anyway. Hell, I'll even use an example here: two days ago my Mom decided to stop the AV scan that waqs going on because it made her browser slow....
...
my 2 cents,
- Carl
Randall Schulz
-Allen
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-help@opensuse.org
On Sunday 09 October 2005 14:08, Allen wrote:
Hi, I'm Allen, Randall as he said, was not the one who said that, it was me, and I stand by it lol. <snip>
Hi Allen! As I just posted, I miscounted quote delimiters...
Seriously, I've seen things so disgusting it's not even funny.
Oh, I've run out of room to store those horror stories in my head. And it seems like there's an inverse relationship between the dangers out there and the volume of neophyte targets.
two days ago my Mom decided to stop the AV scan that waqs going on because it made her browser slow....
You think that's bad? How about my gf closing down ZoneAlarm 'cause it was the only way she could download some stupid wallpaper... from an EMAIL link? (muffled SCREAM goes here...) be good! - Carl
On Sunday 09 October 2005 13:27, Randall R Schulz wrote:
Whoa, whoa, whoa!
I was not the one ranting on the average human intelligence (this time) and how choice of operating system relates to it!
That was Allen.
Sorry, Randall! I miscounted my ">" quote delimiters. At least I *thought* I was agreeing with you, lol! ;-) - Carl
Allen wrote:
They are competing with Microsoft, they have to make it easy enough to use that drooling idiots don't need to remember big scarey log ins and passwords.
It's a happy Medium, Root doesn't log in by default, and making users log in, makes them write all of it down and stick it on the monitor anyway. It's a trade off, you secure a computer to the best of your know hows and a user just knocks that down with a pasty.
Hey Allen, I think it's more than frustrating to call everybody that's not a computer expert a "drooling idiot". It's a fact that a *normal* home user wants to turn on his computer and start to work, without thinking about all the techniques behind a computer and what device in it makes exactly has what function. Isn't it possible for linuxers to accept that there are others around, still impressed by the simpleness and stability of Linux? But they don't know how to compile a kernel or how to install a program from sources... in fact they probably don't know what a source is! So as Linux is growing to the mass market, Linux pro's should start to help them and not to call them *idiots*; otherwise tey'll tell everybody what a crap Linux is (ups.. sorry! That's absolutely not what I think! So don't kill me for this sentence) and if they get no help, they'll just fall back to Windows: the system they^ve been using for a long time and the system with many so-called professionals around... Sorry dewds! I just think a lot of wars could be avoided if we'd accept that not everybody has the same knowledge and meaning about something! Greetings, Dominique
On Sun, Oct 09, 2005 at 06:58:30PM +0200, Dominique Leuenberger wrote:
Allen wrote:
They are competing with Microsoft, they have to make it easy enough to use that drooling idiots don't need to remember big scarey log ins and passwords.
It's a happy Medium, Root doesn't log in by default, and making users log in, makes them write all of it down and stick it on the monitor anyway. It's a trade off, you secure a computer to the best of your know hows and a user just knocks that down with a pasty.
Hey Allen,
Hallo
I think it's more than frustrating to call everybody that's not a computer expert a "drooling idiot". It's a fact that a *normal* home user wants to turn on his computer and start to work, without thinking about all the techniques behind a computer and what device in it makes exactly has what function.
I didn't call everyone that wasn't an expert an idiot, I called "users" an idiot. There is a difference, read some BOFH stories, you'll see what I mean. All computer users aren't idiots, I meant the word user as in "user class" the ones who don't care how it works and don't want to know at all as long as their games work. My cousin for example, he doesn't install Windows updates because it might use up his 120 GN HD that has hardly ANYthing on it. Of course the machine barely boots up now, but he doesn't care if broken and how more than likely his personal information is on the web, he only cares his games work. that's an idiot user. So please don't take what I said the wrong way, I didn't call non experts idiots, just the ones making the internet more and more insecure each day. Internet is a community, and no community survives without SOMEONE caring.
Isn't it possible for linuxers to accept that there are others around, still impressed by the simpleness and stability of Linux? But they don't know how to compile a kernel or how to install a program from sources... in fact they probably don't know what a source is!
Again, I didn't say you had to know this to not be an idiot, read as I said above.
So as Linux is growing to the mass market, Linux pro's should start to help them and not to call them *idiots*; otherwise tey'll tell everybody
Heh, it's kind of funny, people are willing to spend thousands of dollars on a machine they know nothing about (A Computer) and then more people make millions exploiting these people by telling them "No it's OK you don't need to learn all this computer science, you can just give money to me and I'll fix it"... Who is the REAL asshole here, me or the people making money on incompetence?
So don't kill me for this sentence) and if they get no help, they'll just fall back to Windows: the system they^ve been using for a long time and the system with many so-called professionals around...
Sorry dewds! I just think a lot of wars could be avoided if we'd accept that not everybody has the same knowledge and meaning about something!
And a lot of Wars wouldn't be started in the first place had someone not taken something the wrong way. -Allen
Greetings, Dominique
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-help@opensuse.org
participants (10)
-
Allen
-
Andreas Jaeger
-
Carl Hartung
-
Dominique Leuenberger
-
houghi
-
Howard Coles Jr.
-
JBScout [Thomas Lodewick]
-
nordi
-
Randall R Schulz
-
Thomas Hertweck