I will start off with a no, but let's get through this ;)
I am happy to see this discussion. I started to
thought that I was
the only one complaining about the way
root/sudoers/authentication-in-yast works in openSUSE/SLE.
I personally find Stasiek’s current proposal bad for UX, since
getting asked more than one time for the password is more frustrating
than getting asked only one.
I find the proposal reasonable in case of polkit, sudo mode would
to execute administrative stuff only for some time, with limitless
changes. This way if admin performs all the changes they need to do
timeframe, they do not have to enter the password more than one time,
they leave to do other stuff, and forget to close any of the modules,
party can't just change stuff without knowing the password (assuming
up after the time has run out).
Any other model leaves the possibility to run stuff on behalf of root
without a limited timeframe, with the possibility to be compromised by
person in the office, or requires a lot of passwords to execute
is frustrating and pointless considering existing solutions (ie Polkit)
You could introduce automated closing of YaST windows after some time of
inactivity, but considering that Wayland doesn't allow you to track
activity outside of the application, it wouldn't work very well with
It is good to hear different voices and opinions,
since I think that
to find the right way to do it, we have to find consensus of what we
want, what basic users want, what system administrators want...
I already raised this conversation with Ludwig and even created 2
tickets in fate. But, fate was closed and the tickets lost.
You can still view the tickets https://features.opensuse.org/
My proposal was to add a user group “admin” by
default, add the
first user to this group and remove the setting “Defaults
targetpw” from /etc/sudoers
This way, a user in the group admin would have root rights with its
password, which is expected for an admin account. Giving and removing
root rights to a user would be so simple as adding it to and removing
it from the admin group. sudo can do all the job. If an account is
compromised, it can be disabled and removed from the group without
affecting other users.
How does that differ from suggested route with wheel? It's a group of
with permissions to do "admin stuff", which is present on almost every
BSD and Unix system. Assuming that the first user is admin is not a
to deal with it, it would be better if it was an option during
user creation. And in any case, you can remove or disable any user if
permissions to do so.
I would be against disabling root user by default. I
should be available for emergencies, rescue system, etc. But, I think
root should not be used as the system administrator user.
Also shouldn't have the same password as the first user by default, if
going the wheel route.
With sudo rules, it can be avoided that a user
privileges programs, like vim. Instead of that, the filesystem
permissions should be used to allow an admin user make modifications.
Configuration files under /etc would need to have group owner
“admin”, so that an admin user can execute vim as non-root to
edit the file.
Of course such think needs to be carefully planned and audited by
security experts to cover holes.
This is going a little far, especially since you are probably expecting
various applications with that user, which is not going to be safe if
let them access everything without asking questions.
This also extends third party access issue outside of su windows, it's
What do you all think?
I want to make linux desktop distributions more user friendly (not
only geek/IT-scientist friendly), and for that we need to make UX
"non-geek first". The defaults need to be the best possible for them,
but always allowing the experienced user to set up the things
Specifically I am thinking on Leap. Tumbleweed isn’t a good
candidate for non-geeks, but Leap is. I think that it is ok that
Tumbleweed is aimed for geeks.
If not possible to change Tumbleweed nor SLE, I will at least beg to
change Leap in that regard.
SLE is the base for Leap, I doubt that this important part of system
changed without taking care of it everywhere. Also Tumbleweed is a
driver for anybody (at least we are trying our best to make it be like
with testing), you should try it out ;)
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org