Mailinglist Archive: opensuse (1786 mails)

< Previous Next >
Re: [opensuse] best practices? setting up simple opensuse for newbie (sudo/kdesu and passwords, autoupdates)
cagsm said the following on 11/22/2011 06:07 AM:

[snip]

i thought about sudo and kdesu
[snip]

It sounds like you have realistic concerns about security.

I would advise one of the following.

1. Don't be obsessively concerned about updates.
This isn't MS-Windows. If you are running the firewall
then Linux, ipso facto, overcomes the greatest problem home
MS-Windows has, that a regular user has admin power and so
can be conned into installing malware.

If you think it matters, visit the user and do the update yourself.

2. 'sudo' and its bretheren are a good idea.
You can delegate a limited amount of root power.
Set it up so the user can only run 'zypper up' as root
from a console, Konsole or xterm.

Write out the instructions. Don't explain, just "do this".
They don't need to know what's under the hood.
They probably don't need to do this vrey often anyway.

3. Hack PAM.
I tried this once so that I could kdesu to the specific yast
module to do an update. I forget the details. You can do it
for gnome as well.

I don't advise hacking PolicyKit.
It may seem PolicyKit gets in the way of a lot of things, but in the end
what it comes down to is that PolicyKit is right and you need to look at
it from the other end.
--
Wisdom consists in being able to distinguish among dangers and make a
choice of the least harmful.
-- Niccolo Machiavelli, The Prince
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
References