On Thursday 14 January 2016 05:44 PM, James Valleroy wrote: [...] > > Adding the sudo group would fix most cases, but there will still be an > issue for display managers like gdm (it can't start with the current > restriction). > > I'm wondering about the security benefit of restricting logins (both > console and SSH) from non-privileged users. There could be a use case > for non-admin users to access files in their home folders, although we > may need to implement storage quotas.
Here is a more concerte plan that should fix all current issues: we will allow all local (non-LDAP) users to login, in addition to allowing 'admin' group users. Further to that, we will consider allowing all users of a special group say 'console' to login via SSH and console. Allowing all users may be good in some situations like what we are doing here; have a FreedomBox serve an entire community with each of them having logins. -- Sunil
signature.asc
Description: OpenPGP digital signature
