[opensuse] [feature-request] passwordless users in Yast
hi all ! Do you know that during install Yast *requires* you to setup user-password? It is simply wrong. Linux as a Free system should not force people to do that. In addition to that Yast auto-setups auto-login, which anyways negates the user-password. Plus, for single user systems, (all home PCs) having a user password won't improve security in any way. I call to people: please make user-passwords during Yast SUSE setup non-mandatory. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Alexey Eremenko wrote:
hi all !
Do you know that during install Yast *requires* you to setup user-password?
It is simply wrong. Linux as a Free system should not force people to do that.
In addition to that Yast auto-setups auto-login, which anyways negates the user-password. Plus, for single user systems, (all home PCs) having a user password won't improve security in any way.
I call to people: please make user-passwords during Yast SUSE setup non-mandatory. The main reason for that is security. It makes it more difficult to accidentally do something dumb and also makes it difficult for malware to do much.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
The main reason for that is security. It makes it more difficult to accidentally do something dumb and also makes it difficult for malware to do much.
This is not true. It it true only for root, not for user. User is always logged in, so malware always has full control of user account. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue 23 Jan 2007 19:55, Alexey Eremenko wrote:
This is not true. It it true only for root, not for user. User is always logged in, so malware always has full control of user account.
Does anyone know why WVDIAL makes one use 'sux' on Konsole to call wvdial ? . . . it seems impossible to use wvdial as 'User' thanks -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
riccardo35@gmail.com wrote:
On Tue 23 Jan 2007 19:55, Alexey Eremenko wrote:
This is not true. It it true only for root, not for user. User is always logged in, so malware always has full control of user account.
_____
Does anyone know why WVDIAL makes one use 'sux' on Konsole to call wvdial ? . . . it seems impossible to use wvdial as 'User'
I believe the process is to make the user a member of the uucp group. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue 23 Jan 2007 20:22, James Knott wrote:
riccardo35@gmail.com wrote:
On Tue 23 Jan 2007 19:55, Alexey Eremenko wrote:
This is not true. It it true only for root, not for user. User is always logged in, so malware always has full control of user account.
_____
Does anyone know why WVDIAL makes one use 'sux' on Konsole to call wvdial ? . . . it seems impossible to use wvdial as 'User'
I believe the process is to make the user a member of the uucp group.
____________ - Thank you - indeed the User IS a member of uucp group - that did not fix it Best :) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
I believe the process is to make the user a member of the uucp group.
I had to manually add myself to that group. It wasn't standard in 10.2, or at least my install. -- (o:]>*HUGGLES*<[:o) Billie Walsh The three best words in the English Language: "I LOVE YOU" Pass them on! -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 23 January 2007 11:55, Alexey Eremenko wrote:
The main reason for that is security. It makes it more difficult to accidentally do something dumb and also makes it difficult for malware to do much.
This is not true. It it true only for root, not for user. User is always logged in, so malware always has full control of user account.
right. So malware can screw up my account. TSOL! I have a backup. It cannot get to the root system. -- k -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 23 January 2007 11:25, Alexey Eremenko wrote:
hi all !
Do you know that during install Yast *requires* you to setup user-password?
Yes, I did.
It is simply wrong.
No, it isn't.
Linux as a Free system should not force people to do that.
It doesn't.
In addition to that Yast auto-setups auto-login, which anyways negates the user-password.
Not at all. You see, as a user, you have only rights and access to YOUR stuff. I have three SUSE boxes at home all with single users. Each has the same root password. Virus code cannot execute or install applications without me granting it the root password.
Plus, for single user systems, (all home PCs) having a user password won't improve security in any way.
I call to people: please make user-passwords during Yast SUSE setup non-mandatory.
Here, this link might help. http://www.microsoft.com/windows/default.mspx HTH! HAND. -- kai www.perfectreign.com || www.4thedadz.com www.filesite.org || www.donutmonster.com closing the doors that surround me so no one will ever penetrate complete my retreat just to wait for the day that never comes so i will laugh alone -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 23 January 2007 13:25, Alexey Eremenko wrote:
Do you know that during install Yast *requires* you to setup user-password?
It is simply wrong. Linux as a Free system should not force There isn't anything wrong about it....
... and even if you don't like it (and you should like it, it protects you) you can change it easily yourself. You must remember... this isn't windblows. -- Kind regards, M Harris <>< -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 1/24/07, M Harris
On Tuesday 23 January 2007 13:25, Alexey Eremenko wrote:
Do you know that during install Yast *requires* you to setup user-password?
It is simply wrong. Linux as a Free system should not force There isn't anything wrong about it....
... and even if you don't like it (and you should like it, it protects you) you can change it easily yourself.
You must remember... this isn't windblows.
You have a false sense of protection; what actually protects you is the root password, not the user one. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 24 January 2007 21:33, Alexey Eremenko wrote:
You have a false sense of protection; what actually protects you is the root password, not the user one.
and if you run as root, this won't protect you at all If you run as root, you deserve everything you get. It's folly and stupidity, and I certainly hope you're not suggesting this to any other newbies you're showing linux to. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ysgrifennodd Anders Johansson:
and if you run as root, this won't protect you at all
If you run as root, you deserve everything you get. It's folly and stupidity, and I certainly hope you're not suggesting this to any other newbies you're showing linux to.
In fairness, I don't think that was what this marginal troll was saying. The difficulty seems to me to be that his threat model is different from that of many of the rest of us. He is prepared to discount the fact that someone other than himself might access his Linux box without his knowledge and do evil things. He trusts all the people he lives with, and he trusts the locks on his doors and windows and, possibly, the burglar alarm. My threat model says that I have private stuff on my box and I don't want anyone but me accessing it. One way of ensuring that is by passwording my account. It seems to me to be so little trouble to do this, that I willingly do it - on the basis that all good security is based on the principle of security in depth (the more doors you have to get through, the harder the treasure is to steal). He's entitled to his opinion on his threat model, but I don't see why he should want to force it on the rest of us - especially when it is so easy to change an account from being passworded to having no password. I just don't see his problem. But that's just me. What do I know? Peter -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 24 January 2007 21:52, Peter Bradley wrote:
Ysgrifennodd Anders Johansson:
and if you run as root, this won't protect you at all
If you run as root, you deserve everything you get. It's folly and stupidity, and I certainly hope you're not suggesting this to any other newbies you're showing linux to.
In fairness, I don't think that was what this marginal troll was saying.
You're right, I misread. I thought he wanted to run without a user account, but he only wants his user account to not have a password If he doesn't allow logins at all on his system, that might not be a security hole, so that's not so bad as running as root But it shouldn't be the default, the default should be to force it. At present, it doesn't force a strong password, you can have the password "hello", and yast will produce warnings about it but it will let you do it. I don't think this is a bad thing -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 24 January 2007 15:06, Anders Johansson wrote:
At present, it doesn't force a strong password, you can have the password "hello", and yast will produce warnings about it but it will let you do it. I don't think this is a bad thing It is a good thing.
-- Kind regards, M Harris <>< -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (8)
-
Alexey Eremenko
-
Anders Johansson
-
Billie Erin Walsh
-
James Knott
-
Kai Ponte
-
M Harris
-
Peter Bradley
-
riccardo35@gmail.com