On Tue, Jul 20, 2004 at 04:21:33PM +0100, Dennis Dryden wrote:
On Tue, 2004-07-20 at 13:56, adam@thebowery.co.uk wrote:
What I don't understand (some people will probably be horrified at my suggestion now) is why these desktop newbie-centered distros don't generate a secure password (why not perhaps 4 or 5 and let you choose one of them with a single click of the mouse?) when you install and display it on screen and then print a message saying "this is your root password, write it down and keep it in a very safe place. You will need this password to maintain your machine and if you allow anyone else to know this password then they could break into your machine and access your data" (or something similar) and just ask for this password when running package installers and configuration options etc.
This makes sense for a home user distro but maybe they would lose the password, I guess there is no good way around that.
Then at around the same time you can force them to create a normal user account (ok, this is for a bit of desktop software aimed at the desktop, I am not advocating this approach for all distros) and suggest a few secure passwords at them?
The idea of a normal user being auto created by the installer makes sense to me. If the user name was based on some information the user gave at install time (like name) I don't see what security problems this would bring.
Why should a home user need a password to login to their own machine? I understand the need for security on a public use machine that has more than one user account or on a machine that allows remote logins but does a simple home user need multiple accounts or remote logins? I wouldn't think this was good for a normal distribution but for a home use distro it makes sense.
*points at Knoppix some more* - look, a normal user running, and no password hassle... *NO ONE* should run the desktop as root, it's in itself a security risk. Run things with as little privileges as possible, as often as possible, rather than someone finding a hole in the program you use daily, acquiring the privileges of the user it's running as (so, root), and trashing the system... Hey, you know why Windows is so prone to viruses? It's because stuff runs at high privilege levels for no reason whatsoever (and buggy coding, but hey). For a desktop distribution it'd be good to give the users a choice of security levels, from not requiring a password and automagically logging in the default user to requiring a password. Hey, look, win2k could do that, we were doing it with a "web terminal" when I was working for the student union at UEA. It's not a new idea, and it works.
Anyways - how often do you install software and so require root privileges? or need to configure the network card? how many just plain desktop users actually *need* root access for anything bar installing software?
Just my thoughts,