Mailinglist Archive: opensuse-factory (883 mails)

[Martin Schlander <martin.schlander@xxxxxxxxx>]

Onsdag den 23. maj 2012 17:20:24 Martin Schlander skrev:
> Tirsdag den 22. maj 2012 14:48:12 Andreas Jaeger skrev:
> > Administrating a system in a secure way is always balancing the needs
> > and requests of security, convenience and usability.
> >
> > We've collected a couple of use cases for the administration of a
> > local system at:
> > http://en.opensuse.org/openSUSE:Security_use_cases
> >
> > * Are there any use cases missing?
> > * How can we solve these use cases so that a system is easy to setup
> >
> >   for the most common usage scenarios?
>
> I think there are a number of firewall related issues of security vs.
> convenience. These don't directly have anything to do with permissions of
> course, e.g.:
>
> 1) The user wants to browse samba shares, but it's not worky unless he turns
> off the firewall or manually allows some services first (at least I *think*
> that works now).
>
> 2) The user can't figure out why he can't connect to sshd running on an
> openSUSE system, cuz "with Ubuntu it just works" (... cuz everything is open
> by default)
>
> Don't really have any good suggestions how to solve these issues, but
> they're definitely costing us users and maybe someone else does. Maybe it
> would be possible for the firewall to provide some user feedback when it
> blocks stuff, they're trying to do.

Oh, I almost forgot one of our main issues of (data) security vs. convenience. 
The highly restrictive default permissions on NTFS, preventing normal users 
from writing to NTFS. People really hate us for that one.
-- 
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx