Linus Torvalds snarls at openSUSE desktop Linux's security

Linus Torvalds snarls at openSUSE desktop Linux's security

Summary: Even Linus "Linux" Torvalds can have desktop Linux headaches.

SHARE:

Even Linus Torvalds can have have a bad Linux desktop day.

Even Linus Torvalds can have have a bad Linux desktop day.

Linus Torvalds was not a happy man. He's been using openSUSE Linux as his desktop Linux, he explained in a Google+ posting, "because it worked so well at install-time on the MacBook Air, but I have to say, I've had enough. There is no way in hell I can honestly suggest that to anybody else any more." What enraged Mr. Linux? OpenSUSE's demand that you use the root password to make what Torvalds thinks are trivial desktop setting changes.

Torvalds started by saying that "I don't think I can talk about "security" people without cursing, so you might want to avert your eyes now." A long time Fedora user, Torvalds recently switched to openSUSE [German link], because of his intense dislike for Fedora's GNOME 3.x desktop.

Sharing, as I do, his feelings about GNOME 3.x, I'm sure he still doesn't want to go back to Fedora with GNOME. But, he's sure not happy with openSUSE, which uses the KDE desktop by default, either.

Torvalds was enraged that it took weeks of "arguing on a Bugzilla that the security policy of requiring the root password for changing the time zone and adding a new wireless network was moronic and wrong. I think the wireless network thing finally did get fixed, but the time zone never did - it still asks for the admin password."

The final straw though was when Torvalds' young daughter "Daniela calls me from school, because she can't add the school printer without the admin password."

Then Torvalds really blew up, "Whoever moron thought that its "good security" to require the root password for everyday things like this is mentally diseased.

He concluded, "So here's a plea: if you have anything to do with security in a distro, and think that my kids (replace "my kids" with "sales people on the road" if you think your main customers are businesses) need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, please just kill yourself now. The world will be a better place. ... and now I need to find a new distro that actually works on the MacBook Air."

For what it's worth I suggest he give Linux Mint 12 with the Cinnamon GNOME fork. Getting Linux Mint to work on a MacBook Air is tricky, but it won't give Torvalds any problems.

However, Torvalds would find that while Mint doesn't ask for the root password to add a printer or to join a Wi-Fi network, but it does require it to change the time. This all dates back to the Linux's Unix ancestry. Unix was, and still is, primarily a multi-user operating system where you didn't want any Tom, Dick, or Harry changing fundamental system settings. Today, you still find traces of this server security mindset in most Linux desktop distributions. OpenSUSE is far from unique.

Andreas Jaeger, SUSE's program manager for openSUSE, told me, "There are cases where a password should not be needed and we'll fix those. But the tone of the rant didn't ring well with anybody."

The good thing about this philosophy is that it helps make Linux more secure. The bad thing is that, alas, it makes desktop Linux a little more trouble to use for some users, even Linus Torvalds himself some days.

Related Stories:

Adobe abandons Linux

Mint's Cinnamon: The Future of the Linux Desktop? (Review)

Beyond the desktop: Ubuntu Linux's new Head-Up Display

The death of the Linux distro

OpenSUSE's new Linux distribution is for the clouds

Topics: Hardware, Linux, Open Source, Operating Systems, Security, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

127 comments
Log in or register to join the discussion
  • Linus is such a child

    From a very long time Linux administrator's perspective, I've got to tell you, Linus is such a child when it comes to these things. I'm out in the real business world trying to sell companies on the idea of using open source solutions because they are more secure, and in the meantime, Linus is telling security pro's to "kill themselves" and that they are "mentally diseased" for requiring perfectly reasonable security policies. And he did this because his daughter's laptop wouldn't log on to a network printer at her school.

    Please grow up, Mr. Torvalds, or stop trying to be the face of open source.
    markjohnsoncardio
    • All the kids and salespeople I know

      dont have that problem, cause they use Windows or Mac.
      otaddy
      • Actually, That's Not Likely

        Since you need similar privileges in similar situations in Windows or Mac as you do in Linux, then the real reason the people you know don't have that problem is morel likely that they have administrative privileges.
        CFWhitman
      • This is a usability issue (security is a red herring)

        Linux Torvalds' rant (minus the name calling, etc.) reminded me of a highly-publicized rant from Bill Gates posted here:

        http://blog.seattlepi.com/microsoft/2008/06/24/full-text-an-epic-bill-gates-e-mail-rant/

        Except that Bill Gates, as the CEO of Microsoft, had a bit more control over Windows than Linus does over the various Linux distros. What does Linus have to do to solve his problems? Change distros. Choice is good, right?

        A cartoon: [i]Linus Torvalds is crossing a stream in a clearing by jumping from one rock to the next, with each rock representing a Linux distro. He's already left Fedora behind and is now standing, somewhat unsteadily, on openSUSE. The next rock is identified by '?'. Beyond that, another rock identified by '?'. Standing on the opposite side of the stream are Bill Gates and Steve Jobs whooping it up.[/i]
        Rabid Howler Monkey
      • All the kids and salespeople I know

        Because they're too busy on Facebook to do anything useful maybe?
        Ray Noel
    • re: Linus is such a child

      Short answer: "You're wrong".

      Long answer: I've been working on systems for over 30 years. The people I've seen doing Linux security of late are really stretching a point to call themselves "Security Professionals". They are making shit up as they go along with the attitude that "I know best who the hell are you to tell me?"

      And the attitude in general that I get from the OpenSuse crew was particularly offensive. I work as a professional systems admin. I also donate time to a few non-profits where I've helped them solve problems with Linux. And I've recently been forced to start moving them to other distos because the attitude with OpenSuse is "This is our toy box. We'll play with what we feel like playing with. If something in the distro that used to work goes out broken because we felt like redesigning something that used to work so that it looks sexier? Well then too bad. If you don't like it you should just pay for another distro. They stopped trying to recruit people to the Linux brand and all become little tin plated tyrants with not even a whisker of Mr. Torvalds experience.

      A little bit of overkill in response has been long delayed and it just finally bubbled over. It might have been more fair to simply insinuate that they were unskilled bumbling clowns? But Mr. Torvlads is a lot closer to the truth than your assessment of as (sic) "security pro's".

      (Seriously if you're going to critique someone who has made far greater contributions perhaps you should learn the difference between the plural and the possessive?)
      Hilsh
    • It appears all Linux users have real issues

      Of course I'm only using Linux Geek and now Linus as my sample population.

      However, Linus really needs to get a life or download the Win 8 preview to see what modern software is like. Still laughing over him using Linux on a Mac - wasn't the Unix OS/X good enough for him? ;-)
      tonymcs@...
      • Please

        Tony,
        I thought that Linux desktop was dead, yet you seem to
        continue with all your comments, why?

        Why is there so much concern with a 1% marketshare, why. :)
        daikon
      • Clearly Linus does not feel it's good enough...

        And I was laughing at my friend trying to figure out OS X while he could have just installed dualboot with OS X and Linux (his gf wanted the mac and uses OS X) and use that macbook just like he uses his Lenovo laptop, with Linux Mint I believe.

        My little experience on OS X is that I would likely also install Linux as 2nd OS if I had to use a Mac - my ex also has one and we almost got back together, would it have happened I would have installed it and it's not unlikely that she would have started using less OS X and more Linux too... She does have experience and when asked she told that she did not see anything particular being better or worse on OS X - after confirming that running Windows virtually would work just as well (she wants to run certain windows applications, she does not want to run Windows as base OS).

        My long experience with different Windows versions (from 3.0 to Win7) has taught me not to expect the next new version to be anything extraordinary - it's always hyped by fanbois, it never is... at best it's better than previous (ie. Win7) but then at worst it's worse than in ages (ie. ME & Vista). If I want modern, I look for different DE's available for Linux - but I don't really prefer "modern" (as it's usually understood) when it comes to Desktop... I only study them so I know how they work and can offer my recommendations or make suitable installation for regular users.

        My own desktop then? Just to describe a very different preference from usual, as I feel it helps to understand my final point:
        When it comes to my own desktop I prefer to run minimal tiling, tabbing Window Manager with floating window workplace supported (on separate workspace or on top of tiling workspace) - it only needs to provide proper WM functionality, script support for added functionality and configuration, functionality do control anything the WM does via keyboard without ever touching mouse - if I don't want to - as that is mostly faster. Additionally I run couple applications to provide functionality DE's usually provide, gkrellm on side of workspace 1 running different plugins showing stuff from CPU usage through application launchers to weather conditions - stuff that you could run on Gnome DE as Panel plugins, and another application which functionality is commonly found in desktop panels, Docker, for those notifications and iconified tasks running "in background"...
        I don't need menu for launching programs but it's a tiny optionally loadable module for my WM so I have one...
        This gives me all the desktop functionality I need, it uses minimal amount of memory or processor resources (while some desktop environments can even bog down today's average equipment), and while plenty I see no reason to waste resources when even light end DE's with quite good usability, ie. Xfce4 (which I have installed for friends and visitors) simply *lacks features* I want while providing huge amount of features I never miss. I like to use light end software but I don't compromise my systems usability for that.
        What I like most on my setup is how it works and how it's configurable - and as programmer I really like this kind of software, the kind that affects using of other programs running under it, that is scriptable to alter or even completely reprogram it's functionality. Like FireFox, I like my programs scriptable, from core to end apps like irc, www, messenger, etc. clients, media players, everything - and through scripting a desktop also can offer everything the way I feel best, no compromices, which is what I've grown used to now and thus don't like DE's, none of them can quite fully replicate what I'm used to.

        My point being? To each their own, I for one would hate to be limited on using modern software as DE, whetever it's OS X, Windows or Linux they don't give me the user experience I want.
        This is the same thing that drove Linus to write Linux kernel in the first place - none of the systems available on his hardware satisfied him, so he started building his own OS (as in writing and combining free software, his own kernel, Linux, and GNU userspace).
        Linus has very different preferences than me - in fact most people do - but having read quite a lot of articles about him, book about him and another about Linux (focusing a lot on Linus and his choices/actions), his own writing and interviews I know that OS X is not something he considers a proper desktop system - and while different from what it was when Linus started, neither is Windows.
        It makes me laugh on anyone suggesting Linus to use Win 8 "to see what modern software is like" - so far Windows has been something he has considered far from being modern, and nothing suggest Win 8 offers anything that would make it such in *his view*.

        Also, his views and opinions are such that were another OS on the market actually significantly better for him to use than Linux, even if proprietary, he probably would use it. Know your "sample of population" before writing about them, you are writing about man who set to write a free OS by himself (when starting he had no idea how it would catch up) *because he was not satisfied*. Yet in his book he also states that he has, in the past, used MS PowerPoint when giving presentations - as it was, at that time, significantly better option than other alternatives. He already is focusing on using the software that works for him the best, simple as that - clearly he does not see OS X as "good enough for him".
        robsku
      • He (tonymcs) completely missed the meaning of the comment.

        Gnome is the easiest to work with admin privileges. Just right click a folder and select "open as admin", the backround turns red and you can do whatever you want. If you close the window, it reverts back to normal privileges. It's handy if you need to do it a lot. Other distros require more deliberate efforts, but considering the caliber of Linux vs. some of the people here, someone can understand the confusion.
        Joe.Smetona
      • go away with your cheap shots!

        Linux is rock solid for everyone!
        The Linux Geek
      • Linus and openSUSE

        With the sandboxing and upcoming lockout of the app market (good for users bad for developers) he may want something that isn't becoming more and more locked in to the manufacturer.
        jyrhino
    • Wonderful

      My friends told me about---onenightcupid.c/0/m---. They told me it is the best place to seek casual fun and short-term relationship. I have tried. It is fantastic! Tens of thousands pretty girls and handsome guys are active there. You wanna get laid tonight? Come in and give it a shot, you will find someone you like there. Have fun +_+
      JessicaS22
      • Wonderful

        Jessica, or Peggy, or whatever your real Russian or Chinese name is, you may have picked the right blog to spam. I think those of us who actually agree with SJVN would rather read your drivel than the same tired crap from the basement-dwellers here who have their secret man-crushes on the columnist, and who trash him in an effort to avoid their conflicting feelings.
        thebaldguy
    • Linux, like Unix, generally has very poor security control

      The problem isn't whether this or that item should require root access on all systems, it's that some systems need that, and others don't. A single-user system run by the person that installed it doesn't need to pester the user for root access all the time. If they are logged in to a privileged account, root or otherwise, they should just be able to do what they like...like on Windows. A single-user system run by a child may need some restrictions so the parent can control what they can do with it. On the other hand, for a multi-user server system you don't want every user to be able to screw with the environment (like network settings, timezones, and printers) or you get chaos and the system becomes unusable. Only the system admin, or specific people approved by them, should have that sort of privilege. The rest should not, and should have to request things of those who are so that changes can be coordinated, documented, and other steps that keep the system working and secure.
      I worked with DEC's VMS system for decades, and in VMS, unlike Unix, there are multiple privileges you can be granted...not just "all or none" like with root. Even when I was logged into the system account (equivalent to root) I could turn off privileges I didn't need or want active, and for certain users I could grant selected privileges, like the ability to do physical IO to a device, or to use the network, or to read any file on the system, or about 30 other things, without granting them privilege to do everything else. Unix, and Linux, could benefit by such a setup, but given the long history and millions of lines of existing code, I don't see it happening. The closest I've seen in Unixland is the use of group membership to permit things, but the basic commands, like moving files around, don't care about that sort of thing.
      plonk@...
      • Linux has this...

        Eh, Linux (and UNIX systems all) does have this - it is NOT limited to "all (root) or none (limited account)", in fact I just checked GUI tools available in Debian with Xfce4 desktop and user accounts GUI tool has simple checkboxes to grant the user rights for mounting removable media, wifi configuration, printers, etc. etc. (this was not surprise for me, I just don't usually do system administration via GUI tools personally).

        Obviously you are not that familiar with *nix systems...
        robsku
    • Child has needs that can't be ignored since adults may not have those...

      You may be right.... But I think the whole issue is, to cater to specific needs and populations.... If you lock down Windows and OS X, they may also be more safer than now.... Remember UAC in Windows Vista and disliking of it among users... The fact that majority of Windows 7 is actually Windows Vista minus most notably UAC, it is well received among users.

      But it is a trade-off... If the goal is mission critical, then stability, reliability, and security shall get equal importance. If it is usability, depending upon day today usage and domains, it can be tweaked as well while leaving the system secure. Why for every small thing one shall enter root password? In fact, the frequency of entering it may give a sense of using it carelessly.... Imagine, if for installing apps and doing every small tweak, an Android user had to root the phone or enter root password... It won't have gain traction it has now.... is it completely secure the way a server shall be.... probably not, but the strategy of securing its gates shall be devised rather than introducing a root password, or rooting the device.
      ashwinipn
    • Imitation security sucks

      Requiring ordinary users to have administrator or superuser privileges to accomplish ordinary daily tasks is not security, but the opposite of security. ...And yes I have had that problem with windows PCs at my company and I agree with Linus that it is a bad thing. Our local security administrators ended up giving everybody who traveled with laptops administrator privileges. Meaning that we logged in as administrators every time. Wrong thing to do? YES, but much easier than carefully choosing the right set of privileges to give ordinary users.
      Jon.M.Kelley
    • Linus is such a child? Huh?

      I'm sure glad you're not my "Cardiologist-without-a Heart"
      Ray Noel
  • agree with Linus on all counts - including "please just kill yourself now"

    Regular user should be able to install OS him/herself, and run OS day-to-day without root password.
    This kind of stupid decisions HAVE to be punished by public humiliation - Linus did just that. Bravo...
    vgrig