[Mageia-dev] Handling single user/rescue/failsafe mode

[Wolfgang Bornath]

2012/4/26 Guillaume Rousse <guillomovitch at gmail.com>:
> Le 26/04/2012 15:21, Wolfgang Bornath a écrit :
>>
>> 2012/4/26 Guillaume Rousse<guillomovitch at gmail.com>:
>>>
>>> Le 26/04/2012 14:22, Wolfgang Bornath a écrit :
>>>>
>>>>
>>>> What is the advantage to leave the barn door open? To make it easier
>>>> on those who can not remember their root password? Having to find out
>>>> how to overcome that small bar will not hurt them but teach them a
>>>> lesson.
>>>
>>>
>>> Having to type a password with a misconfigured keyboard is a pain.
>>> Really.
>>
>>
>> Yes, that is surely a reasons to put away with all passwords because
>> they are all hard to type with a misconfigured keyboard.
>
> Your comparaison is unfair. Your usually boot in runlevel 1 exceptionnaly,
> because your machine is in bad shape, in order to repair it. And as it is
> not the usual operating runlevel, you can't usually ensure than than
> boot-time configuration is applied correctly.

How it is unfair?
The question is NOT what people usually do but what people CAN do. If
you go out for lunch, do you leave your desk drawere open for
everybody passing by? No? So why do you do that to your computer?

>> I don't understand that it is not regarded as a contradiction to
>> recommend setting a root password at installation and at the same time
>> leaving the door wide open by default for reasons of convenience.
>
> Because usually people interested in security usually consider threat
> classes before considering effective countermeasures. And securing physical
> access is usually considered worthless.

Ah, I see. Interesting point of view.

A computer in an environment of people IS a thread class. A bunch of
adolescent kids IS a threat class.
If your threat classes only include serious criminality (like taking
away the computer) then your threat classes miss reality.
But anyhow, you seem to have never experienced coming back home to
find your root password changed by your well meaning kid (which is one
of the not so serious REAL cases).

> Now, that's just a default setting, this is perfectly subjective, and we may argue for hours about the right thing to do...  .

No, it is not a subjective setting. Because this default setting is
not caused by technical reasons nor is it set because of somebody's
individual opinion. It is set simply for convenience reasons. We (at
Mandrivauser de and other places) have been constantly recommending in
the forums to change this setting and most of the users who are
interested in security do it because they understand the reasoning
behind it.

But what do I know. This was the last time I argue about such things
here. Do what YOU think is right.
-- 
wobo