This is a follow-up to recent posts to he gentoo-dev mailing list. Experienced Unix users agree that the root user should only be used for essential systems-administration tasks. A non-root user is therefore an essential part of installing a fully function Gentoo system. IMO this is not adequately reflected in the instalation documentation, which (I believe) is intended to provide a guide to a complete, if minimal, Gentoo-Linux installation It is under the heading "Setting the Root Password" and is a single line saying: You will also want to add a non-root user for everyday use. Please consult the Gentoo FAQ . When you read the FAQ it has the lines I quoted (without even its own header): "Everyone seems to think that i shouldn't be using root for everyday use, how can i add another user?" So IMO, that places the emphasis of the non-root user incorrectly. Surely the heading of the installation document should read: "Setting up your user-name, and setting root password" Maybe superadduser should be part of the base stages installation..? Instructions to `superadduser yournamehere` could be placed right before the setting-root-password section of the installation guide; this section could contain the explanation: "the root password is used in conjunction with the `su` command when you need to perform administrative tasks on your Gentoo box". It is easy for experienced Unix / Linux users to assume the wisdom is universal, of not using root for routine activities such as web-surfing & reading email. However this is overlooking the tendency of newbies to log in as root, because they don't know any better. Since Gentoo now has in excess of 150,000 users, it may be assumed that a small proportion of them may be Linux novices, and I believe that Gentoo may be some users' first Unix / Linux. Since it is easy for the installation documentation to reflect the inadvisability of root logins for these routine tasks, I respectfully suggest that it does so. Reproducible: Always Steps to Reproduce: 1. Remove user's clue 2. Install Gentoo-Linux & `emerge BitchX` 3. Login as root & BitchX to irc. Actual Results: I got h4x0r'd
http://cvs.gentoo.org/~swift/gentoo-x86-install.html http://cvs.gentoo.org/~swift/gentoo-x86-install.xml Search for "Management" Will be committing this after review.
Sven, Please take this as a request for discussion, NOT as criticism. In the URL you provide (draft install document), you have left adding a non-root user as a link to the Gentoo FAQ. If the problem is as bad as discussed on -dev, surely many users will skip past that on their way through the install instructions, intending to leave it for later. Surely adding the non-root user should be PART of the installation guide, not an after-thought..? I appreciate that you are probably pretty busy, and that this perhaps seems like a small thing, but I believe this is an opportunity for Gentoo to get things right, and to educate inexperienced users better. Thanks, Stroller.
I've changed the document (same URL) to reflect your suggestions.
Committed to cvs.
