Mailinglist Archive: opensuse-factory (393 mails)

< Previous Next >
Re: [opensuse-factory] Printing in openSUSE 10.3
  • From: Klaus Kaempf <kkaempf@xxxxxxx>
  • Date: Thu, 8 Mar 2007 17:17:14 +0100
  • Message-id: <20070308161714.GA15146@xxxxxxxxxxxxx>
* JP Rosevear <jpr@xxxxxxxxxx> [Mar 08. 2007 17:01]:
>
> You pointed out the policy piece in cups 1.2 which is great, that gives
> us the underlying tools to solve this.

... which seems to be limited to cups.

There exists a myriad of implementation to delegate access rights
to users in Linux. On the low level pam modules is one, resmgr another,
then we have policy kit, setuid-root binaries, etc.

ZENworks brings its own framework for role based access control (rbac),
cups has policies, YaST is supposed to support rbac in the future.

I'm not a security expert, so these things might have non-overlapping
semantics. But they certainly do overlap in certain areas.


The more such implementations exist, the more ways hackers will
find to break them.

Long term, I'd like to see one architecture to delegate 'specific root
rights' to users rather than extending different implementations for
specific use cases.

Just my $0.02 ;-)

Klaus
---
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG N├╝rnberg)

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx

< Previous Next >