Mailinglist Archive: opensuse (4654 mails)
| < Previous | Next > |
Re: [opensuse] [feature-request] passwordless users in Yast
- From: Peter Bradley <P.Bradley@xxxxxxxxxxxxx>
- Date: Wed, 24 Jan 2007 20:52:45 +0000
- Message-id: <45B7C71D.2070208@xxxxxxxxxxxxx>
Ysgrifennodd Anders Johansson:
The difficulty seems to me to be that his threat model is different from that of many of the rest of us. He is prepared to discount the fact that someone other than himself might access his Linux box without his knowledge and do evil things. He trusts all the people he lives with, and he trusts the locks on his doors and windows and, possibly, the burglar alarm.
My threat model says that I have private stuff on my box and I don't want anyone but me accessing it. One way of ensuring that is by passwording my account. It seems to me to be so little trouble to do this, that I willingly do it - on the basis that all good security is based on the principle of security in depth (the more doors you have to get through, the harder the treasure is to steal).
He's entitled to his opinion on his threat model, but I don't see why he should want to force it on the rest of us - especially when it is so easy to change an account from being passworded to having no password. I just don't see his problem.
But that's just me. What do I know?
Peter
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
and if you run as root, this won't protect you at allIn fairness, I don't think that was what this marginal troll was saying.
If you run as root, you deserve everything you get. It's folly and stupidity, and I certainly hope you're not suggesting this to any other newbies you're showing linux to.
The difficulty seems to me to be that his threat model is different from that of many of the rest of us. He is prepared to discount the fact that someone other than himself might access his Linux box without his knowledge and do evil things. He trusts all the people he lives with, and he trusts the locks on his doors and windows and, possibly, the burglar alarm.
My threat model says that I have private stuff on my box and I don't want anyone but me accessing it. One way of ensuring that is by passwording my account. It seems to me to be so little trouble to do this, that I willingly do it - on the basis that all good security is based on the principle of security in depth (the more doors you have to get through, the harder the treasure is to steal).
He's entitled to his opinion on his threat model, but I don't see why he should want to force it on the rest of us - especially when it is so easy to change an account from being passworded to having no password. I just don't see his problem.
But that's just me. What do I know?
Peter
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |