Johannes Meixner wrote:
I think if a normal user gets particular administrator rights, it basically means in the end that this normal user gets a more or less complicated way to somehow gain full administrator rights.
There might be a few exceptional cases or even bugs, but in general I think the current default borderline is intentionally where it is because this is exactly what keeps a system secure.
E.g.: Allow a normal user to add/modify print queues means to allow him to eavesdrop on every print job content which means that he is allowed to read root's print jobs which means he may collect sufficient information to somehow get full administrator rights, compare https://bugzilla.novell.com/show_bug.cgi?id=752454#c3
I am not against giving a normal user a particular administrator right but the one who allows it (usually root) must know that this means he must trust the user who gets the particular administrator right.
Actually, in the corporate world, it's quite common to allow employees to add/delete printers. That was certainly the case when I worked at IBM and also with the insurance company I've been doing some work for recently. Also, a user should be able to manage *THEIR* jobs in a print queue, but not others. After all, they may want to abort their print job for some reason or perhaps restart it, after clearing a jammed printer.