On Thu, 2012-03-01 at 11:30 +0100, Marcus Meissner wrote:
On Thu, Mar 01, 2012 at 11:27:36AM +0100, Roger Oberholtzer wrote:
On Thu, 2012-03-01 at 08:59 +0100, lynn wrote:
On 03/01/2012 08:38 AM, Roger Oberholtzer wrote:
On Thu, 2012-03-01 at 00:17 +0100, jdd wrote:
Le 29/02/2012 21:27, Roger Oberholtzer a écrit :
I think the issue is fine-grained permissions.
read man sudoer
* What fine-grained activities currently limited to root could have configurable access. Like my favorite: network broadcasts.
Hi Sorry to interfere, but Is that Wireshark? On ubuntu you can launch it as a user. On openSUSE only root can launch it. Or at least I've not found a way to do it.
It is software and, more importantly, libraries provided by equipment vendors. For example, these companies provide SDKs for Linux that have as part of their procedure the desire to do a network broadcast to locate things:
SICK AG (http://www.sick.com)
JAI A/S (http://www.jai.com/en/)
Allied Vision Technologies (http://www.alliedvisiontec.com/emea/home.html)
Basler (http://www.baslerweb.com)
LMI Selcom (http://www.lmi3d.com/)
There are many more. They too complain that Linux sometimes makes it more difficult to implement transducer queries than 'the other OS'. Their techniques are similar to mDNS and such things.
I would use these in my application, as one does. I do NOT repeat NOT want to run measurement software as root just to satisfy this need.
But this is not really related to the topic of Desktop security that Linus was mostly ranting about.
Well, these suppliers provide, quite often, QT apps that allow one to configure their devices. They need to first locate them. A network broadcast is what they would like to do. Except on Linux this requires root permissions. So, the user mode gui that is going to configure an external device (not the local Linux system really) is prevented from doing so because broadcasts are limited to root. Different situation. But caused by the exact same core issue. I thought it was relevant because if one focuses on making the squeaky wheel desktop apps work, the root problem (pun intended) remains. What is needed is a general approach to these permissions. As to the printer things: isn't it mainly configuration file access that is the problem? Why not an lpadmin group to which users could be added, and that the changeable files and directories would belong? In much the same way /dev access is controlled. Yours sincerely, Roger Oberholtzer OPQ Systems / Ramböll RST Office: Int +46 10-615 60 20 Mobile: Int +46 70-815 1696 roger.oberholtzer@ramboll.se ________________________________________ Ramböll Sverige AB Krukmakargatan 21 P.O. Box 17009 SE-104 62 Stockholm, Sweden www.rambollrst.se -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org