The fewer security mechanisms, the cleaner the design. We believe the majority of useful security automations (outside of a Mandatory Access Control environment) best achieved via a combination of IPTables, POSIX file-based capabilities, seccomp and virtualization. As a result, several technologies have been deprecated in SprezzOS, as it is felt they served only to complicate the security landscape.
By default, the root account cannot directly log in. This can be changed post-install with sudo passwd, but is discouraged.
SudoThe user created during SprezzOS installation will be added to the sudo group, which requires no password by default:
%sudo ALL=(ALL:ALL) NOPASSWD:ALLTo add an arbitrary user U to the sudo group, run
sudo usermod -G sudo -a U