Re: [opensuse] Re: Should openSUSE review it's Security Policies?



On Thu, 2012-03-01 at 00:17 +0100, jdd wrote:
Le 29/02/2012 21:27, Roger Oberholtzer a écrit :

I think the issue is fine-grained permissions.



read man sudoer

See my earlier response to Patrick on this. sudo is all-or-nothing for
the program. You cannot restrict a single program to a subset of root
permissions. You get them all.

I think there are these issues here:

* What fine-grained activities currently limited to root could have
configurable access. Like my favorite: network broadcasts.

* Which system activities need to be accessible to the user? Adding a
new printer is one such thing. I would imagine a solution like the
network manager in kde/gnome, but for a class of printer queues, would
help.

* Some activities are already configurable. Or so one hears. Better
documentation and, perhaps, a consistent interface to configure then may
be in order.

I surely do not want the ubuntu madness of typing sudo all the time. I
am confused there the security is in that. And, anyway, if you want the
sudo method, isn't it just for you to add the commands yourself?
openSUSE has not, afaik, disabled sudo.


Yours sincerely,

Roger Oberholtzer

OPQ Systems / Ramböll RST

Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696
roger.oberholtzer@xxxxxxxxxx
________________________________________

Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
www.rambollrst.se


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx