Auteur: sajolida Date: À: The Tails public development discussion list Sujet: Re: [Tails-dev] next big features: status update
intrigeri: > hi,
>
> sajolida wrote (20 Mar 2012 10:01:34 GMT) :
>
>>>> « Leave this blank for better security unless you need to
>>>> perform administration operations. »
>
>> Ok, now I understand. But when I first read it I thought that
>> leaving it blank was like setting a "blank" administration password
>> and that I would be able to do sudo at anytime (like before).
>
> Understood. We must fix this.
>
>> So what about:
>
>> « Optionally enter an administration password. If you leave this
>> blank you won't be able to perform administration operations but
>> that could prevent a malware or an attacker from getting
>> administration privileges. »
>
> It sounds to me like "beware! if you leave it blank etc.", that is
> encouraging people to enter a password, and I don't like it.
>
> How about something like:
>
> « Leave this blank for better security -- you won't be granted
> administration credentials
> or
> Enter an administration password -- in case you need to perform
> administration operations »
How about a combination of both:
« Enter an administration password in case you need to perform
administration tasks. Otherwise it will be disabled for better security. »
I'm also worried about allowing a way to understand what's happening
once you booted, and before digging in the documentation. Especially
since that's a change from previous versions. I guess we could customize
/etc/sudoers for that.
We could replace the traditional first-time lecture when no root
password is set. That could be done with the 'lecture' and
'lecture_file' options, see man sudoers. It could say something like:
« By default, the administration password is disabled for better
security. If you need to perform administration tasks you need to set up
an administration password at boot time. See the corresponding
documentation. »