Hacker News new | past | comments | ask | show | jobs | submit login

Yes, but we're talking about Fedora's default. And in Ubuntu's default for example the home directory isn't even seperate.



It is a good default, surprises or unintended consequences aside. As a sysadmin, I don't really want to spend time installing packages for users that I trust with shell access, to require my assistance so they can install signed packages from the OS vendor in the default way.

The firewall is secure by default, and installing packages is not punching holes in it by default, so this is really not as surprising as I thought at first. The user can install packages and ask for my help to punch holes in the firewall, or edit configuration, if needed.

If it wasn't needed, they didn't need to waste any of my time or theirs, talking to me so I could do a visit and put my hands on the machine, give it my superuser password, just to add a new package with the default configuration. And that is a victory.

(I'm just not sure InfoSec group will like it. So let's not tell them.)




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: