[CentOS] Another Fedora decision

Thu Feb 5 06:49:07 UTC 2015
Keith Keller <kkeller at wombat.san-francisco.ca.us>

On 2015-02-04, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
>
> I'm neutral to sudo (even though I was taught "the smaller number of
> SUID/SGID files you have, the better). Yet, I'm considering it less safe
> to have regular user who can log in with GUI interface, and likely to be
> doing regular user stuff to have almighty abilities. Yes, I know, I know
> he has to prepend "sudo"... OK, this seems to be kind of question of taste
> in the majority opinion.

I think it's basically six of one, half-dozen of the other.  Is a user
any more or less likely to screw up his box if he has to log in as root
or has to use sudo?  I really don't know.  OTOH, forcing sudo does have
one advantage, in that every sudo command is logged.  (If you do sudo su
you lose that.)

> Yes, Debian and its clones have full fledged root account, only with empty
> password hash (thus making it account for which no password will match).
> You can enable it by grabbing root shell using sudo, then using command
> passwd to set password. voila.

I believe that on recent OS Xs this method no longer works (it used to).

As to the original topic (heh), isn't it a bit counterproductive to
complain about changes in Fedora or RHEL on this list?  Those
distributions are separate entities with their own decision making
processes.  If you want to complain about Fedora, go to their list
(which IIRC the OP pointed people to).  If you want to complain about
RHEL, buy a RedHat suport contract.  It seems to me that the only
legitimate complaints one could make about CentOS would be if they went
out of their way to make CentOS different from RHEL in a very suboptimal
way.  Do you really have any justification for complaining if CentOS
enforces the same password requirements on install as RHEL?

--keith


-- 
kkeller at wombat.san-francisco.ca.us