Hi all, I am happy to see this discussion. I started to thought that I was the only one complaining about the way root/sudoers/authentication-in-yast works in openSUSE/SLE. I personally find Stasiek’s current proposal bad for UX, since getting asked more than one time for the password is more frustrating than getting asked only one. It is good to hear different voices and opinions, since I think that to find the right way to do it, we have to find consensus of what we want, what basic users want, what system administrators want... I already raised this conversation with Ludwig and even created 2 tickets in fate. But, fate was closed and the tickets lost. My proposal was to add a user group “admin” by default, add the first user to this group and remove the setting “Defaults targetpw” from /etc/sudoers This way, a user in the group admin would have root rights with its password, which is expected for an admin account. Giving and removing root rights to a user would be so simple as adding it to and removing it from the admin group. sudo can do all the job. If an account is compromised, it can be disabled and removed from the group without affecting other users. I would be against disabling root user by default. I think root should be available for emergencies, rescue system, etc. But, I think root should not be used as the system administrator user. With sudo rules, it can be avoided that a user executes jumping privileges programs, like vim. Instead of that, the filesystem permissions should be used to allow an admin user make modifications. Configuration files under /etc would need to have group owner “admin”, so that an admin user can execute vim as non-root to edit the file. Of course such think needs to be carefully planned and audited by security experts to cover holes. What do you all think? I want to make linux desktop distributions more user friendly (not only geek/IT-scientist friendly), and for that we need to make UX "non-geek first". The defaults need to be the best possible for them, but always allowing the experienced user to set up the things different. Specifically I am thinking on Leap. Tumbleweed isn’t a good candidate for non-geeks, but Leap is. I think that it is ok that Tumbleweed is aimed for geeks. If not possible to change Tumbleweed nor SLE, I will at least beg to change Leap in that regard. Kind Regards Sergio-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org