On Thu, Mar 01, 2012 at 02:53:26PM +0100, Johannes Meixner wrote:
On Mar 1 12:18 Roger Oberholtzer wrote (excerpt):
... the root problem (pun intended) remains. What is needed is a general approach to these permissions.
If the use case is "printer setup on my own machine", I think - but I am not at all a security expert - it should be an acceptable solution when the normal user's password and the root password are the same so that from the user's point of view there is just one password i.e. THE password.
Then configuration changes could still require THE password which is - from my point of view - sufficiently easy to use and sufficiently secure because:
- The owner of the machine can do any configuration changes, he only must provide THE password.
Even with a single user you might not like to share the root password.
- The owner of the machine cannot do configuration changes by accident because he must provide THE password.
And exactly this password is intended even not to be shared. You addressed an issue which was not discussed. ;)
- Arbitrary persons who get access to the machine cannot do configuration changes (i.e. arbitrary persons cannot hijack the machine when it is running unattended).
As far as I noticed what others wrote in this thread, this could be even already the default when installing an openSUSE system.
If yes I wonder what the whole discussion is about?
Does anybody really want that arbitrary persons are allowed by default to do configuration changes?
The discussion is not about arbitrary people. It's about existing users which must not have root access. More and more I believe printing with Linux is a great attempt to save our woods. ;)
I assume nobody wants this.
Therefore I assume what is wanted is that not only one person is allowed by default to do configuration changes but that it is possible to allow particular other users (e.g. the owner of the machine and his best friend) to do particular configuration changes.
As far as I know this is currently not possible.
If this is wanted, a FATE feature request should help...
Oh the feature pet cemetery. That's such a good place to get people to shut up. ;) I'm quite sure if it got filed there we'll see it addressed in 2020. Maybe.
Wouldn't it be much easier to allow all local users to modify the cups configuration if the administrator prefers this? Wouldn't adding the group named users, where all local users are a member of, by default to the SystemGroup be enough?
cupsd runs as root. Therefore the suggested approach might scare the security team. But this might get the issue solved and we might add a warning and it might open the door less than giving the root password to the user.
Again, we should not set this by default. But on request by the admin from inside the YaST install/printer setup dialog.
Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
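An added example, not part of the message above and not code from CUPS or YaST: an audit of which accounts a given SystemGroup setting turns into CUPS administrators. It counts primary-group membership, which the member list in /etc/group does not show. The configuration, group and passwd contents are constructed samples, the function names are hypothetical, and treating several SystemGroup lines as cumulative is an assumption.

```python
# Added example: resolve the CUPS SystemGroup directive to account names.
SAMPLE_CONF = """\
# constructed cupsd.conf fragment
SystemGroup sys root users
"""
SAMPLE_GROUP = """\
root:x:0:
sys:x:3:
lp:x:7:
users:x:100:
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/false
alice:x:1000:100::/home/alice:/bin/bash
bob:x:1001:100::/home/bob:/bin/bash
"""

def system_groups(conf_text):
    """Group names from SystemGroup lines, in order, without duplicates."""
    groups = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()  # simplification: '#' starts a comment
        if parts and parts[0].lower() == "systemgroup":
            groups += [g for g in parts[1:] if g not in groups]
    return groups

def group_members(name, group_text, passwd_text):
    """Listed members of `name` plus accounts whose primary GID is that group."""
    gid, members = None, set()
    for line in group_text.splitlines():
        f = line.strip().split(":")
        if len(f) >= 4 and f[0] == name:
            gid = f[2]
            members.update(m for m in f[3].split(",") if m)
    if gid is None:
        return set()  # group named in the config but not defined locally
    for line in passwd_text.splitlines():
        f = line.strip().split(":")
        if len(f) >= 4 and f[3] == gid:
            members.add(f[0])
    return members

def audit(conf_text, group_text, passwd_text):
    """Map each SystemGroup entry to the sorted accounts it admits."""
    return {g: sorted(group_members(g, group_text, passwd_text))
            for g in system_groups(conf_text)}

if __name__ == "__main__":
    for group, accounts in audit(SAMPLE_CONF, SAMPLE_GROUP, SAMPLE_PASSWD).items():
        print(f"{group}: {', '.join(accounts) or '(no accounts)'}")
```

In the sample the users line in /etc/group lists no members, yet alice and bob are both admitted through their primary GID, which is why a review of SystemGroup has to read the passwd data as well.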