On Wednesday, May 23, 2012 17:23:38 Martin Schlander wrote:
Onsdag den 23. maj 2012 17:20:24 Martin Schlander skrev:
Tirsdag den 22. maj 2012 14:48:12 Andreas Jaeger skrev:
Administrating a system in a secure way is always balancing the needs and requests of security, convenience and usability.
We've collected a couple of use cases for the administration of a local system at: http://en.opensuse.org/openSUSE:Security_use_cases
* Are there any use cases missing? * How can we solve these use cases so that a system is easy to setup
for the most common usage scenarios?
I think there are a number of firewall related issues of security vs. convenience. These don't directly have anything to do with permissions of course, e.g.:
1) The user wants to browse samba shares, but it's not worky unless he turns off the firewall or manually allows some services first (at least I *think* that works now).
2) The user can't figure out why he can't connect to sshd running on an openSUSE system, cuz "with Ubuntu it just works" (... cuz everything is open by default)
Don't really have any good suggestions how to solve these issues, but they're definitely costing us users and maybe someone else does. Maybe it would be possible for the firewall to provide some user feedback when it blocks stuff, they're trying to do.
Oh, I almost forgot one of our main issues of (data) security vs. convenience. The highly restrictive default permissions on NTFS, preventing normal users from writing to NTFS. People really hate us for that one.
Let's revisit this one - could you add a use case to the wiki page, please? Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org