Hi,

On 4 March 2024 06:17:31 CET, Philip Hands <p...@hands.com> wrote:
>I found that there were some phrases that I was avoiding for various
>reasons, a couple of which I see you've used, so I'll say why I was avoiding
>them and see if I have a persuasive argument for doing so.
>
>"allow/deny login/access as root":
>
>  The problem here is that not having a password for root only prevents
>  one from getting direct access to root by using a password. Indirect
>  access is still available via sudo, and direct access is still
>  available via key-based ssh. I was also avoiding saying things like
>  "disable the root account" for the same reason.
>
>  This is why I ended up with the phrasing:
>
>    direct password-based logins to 'root'.

Ok, seems fair. I would change to that then.

>
>"using the 'sudo' command":
>
>  This I was avoiding because it might give the impression that one MUST
>  use sudo, whereas most people will actually get their root access via a
>  GUI prompting them for their own password (because it's checked that
>  they're in the sudo group) when doing things like unlocking their
>  network or printer settings. I thought it was worth mentioning the
>  'sudo' group explicitly because that gives something to search for if
>  they want to find out more, but telling people they need to use the
>  sudo command seemed like a step too far.

Correct so far. Maybe a bit more technical and therefore probably not the
easiest choice for newbies, but I have no problem using that.

>Regarding the password advice, I ended up concluding that it's pretty
>unlikely that anything we say at this point will have any effect on
>people's behaviour, but then I'm probably just an old cynic. Also, I
>failed when trying to come up with a wording which I was happy with,
>which is why I ended up discarding the advice entirely.
>
>If we want to keep the password advice in then I think what you wrote is
>(mostly) OK, although I think it implies that one should be choosing a
>single "password" (although, not a word in any normal sense), which
>could be argued to steer people away from the perfectly decent xkcd
>approach of using several dictionary words. Saying "Password or
>Passphrase" at least once would probably address that.

Ok, makes it a bit longer, but it could be worth it.

I will prepare a new patch with the above.

Holger

-- 
Sent from /e/ OS on Fairphone3