Mailinglist Archive: opensuse-factory (883 mails)

< Previous Next >
Re: [opensuse-factory] Roles for security and convenience
On 26.05.2012 18:26, Claudio Freire wrote:
On Sat, May 26, 2012 at 5:16 AM, Thomas Leineweber<thomas@xxxxxxxxx> wrote:
I would read it as follows:

If there is a dedicated account with it's own pwd for the administration
of a service, it is not possible to see, who did the administration
task. Nearly "everybody" could have logged in as the dedicated user,
because many persons know the pwd. That is in contrast to the
requirement, that you can find out who has done the administration
task.

Ah, yes, of course.

Every admin would have their own user account, and that account would
be a member of the group that has admin rights over the resource.
That's how it has always been done in cli land, AFAIK, and that's how
it ought to be done in the GUI too.

No, it isn't how it's done today with policykit nor is that how it should be done for the complex and fine-grained access control policy that is required here. We need roles as groups are much too limited and unsuitable for numerous reasons. The most important are that they are too coarse, difficult and inefficient to administer and inherently less secure. Roles allow fine-grained and centralized assignment of permissions to operations (rather than just filesystem objects) and improve security since they need to be explicitly assumed, possibly requiring authentication.
--
Guido Berhoerster
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups