Mailinglist Archive: opensuse-factory (1135 mails)

< Previous Next >
Re: [opensuse-factory] Security or Convenience? Defining a better policy
  • From: Neil Rickert <nrickert@xxxxxxxxxxxxx>
  • Date: Tue, 5 Jun 2012 11:33:54 -0500
  • Message-id: <20120605113354.2236e2ab@nwr2>
On Tue, 22 May 2012 14:48:12 +0200
Andreas Jaeger <aj@xxxxxxxx> wrote:

Let's do the discussion on the opensuse-factory mailing list, I'll
update the document with any improvements. Feel free to enhance it as
well.

I have just joined this list (nomail version), though I have been
following the discussion via the web archives. I hope I'm not late to
add a comment.

I'll mainly comment on network issues (NetworkManager). But let me
first add a note on Timezone.

Timezone: I personally just set TZ in my environment when traveling.
That does not require root. My "HOME/.profile" contains:

---- clip here ----
### check for a temporary timezone change.
if [ -r $HOME/timezone.sh ] ; then
. $HOME/timezone.sh
fi
---- end clip ----

so I need only create the file "timezone.sh" with the appropriate
TZ definition, and I am set. Then, on return from travels, I delete
that file (or rename it for future re-use). One could probably create
a small GUI applet to generate this file, and then the user timezone
would be changed on the next login. Root is not required, and can be
different for different users. In my opinion, changing the
system-wide timezone should require root.

Network (NetworkManager).

I have been experimenting with this. Perhaps I should do a bug
report. I have described what I did in more detail in

http://nwrickert2.wordpress.com/2012/06/05/trying-to-make-networkmanager-sane-in-12-2/

In short, I created a "network" group, and modified polkit definitions,
so that anyone in the network group who is at an active console can
make WiFi changes.

The polkit definitions from opensuse made this hard. There are local
definition files (actually vendor definition files) for group *, and
any attempt to make a definition for group network seemed to be
overridden by the "group *" definition. It seems to me that opensuse
should put any definition that applies to everyone into the defaults
instead of in a ".pkna" file. That way, at least local administrators
would have a better chance at tweaking it for their own uses.

Thanks for your attention.
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups