Mailinglist Archive: opensuse (1036 mails)

< Previous Next >
Re: [opensuse] Re: Should openSUSE review it's Security Policies?
  • From: Roger Oberholtzer <roger@xxxxxx>
  • Date: Thu, 01 Mar 2012 08:21:48 +0100
  • Message-id: <1330586508.23308.13.camel@acme.pacific>
On Wed, 2012-02-29 at 15:34 -0500, Patrick Shanahan wrote:
* Roger Oberholtzer <roger@xxxxxx> [02-29-12 15:28]:
On Wed, 2012-02-29 at 15:22 -0500, Robert Schweikert wrote:

On 02/29/2012 03:13 PM, jdd wrote:
Le 29/02/2012 20:40, Larry Stotler a écrit :
As many are aware, Linus Torvalds has started a rant about the
security policies

what about give sudo rights to his daugther?

That was one of the suggestions in the google+ comments.

sudo has the huge disadvantage that it opens up too much. The app can do
anything root can, when perhaps it is a limited thing you want to allow.

No, sudo can only do that which root has allowed exceptions for sudo-user
within /etc/sudoers. It can be very specific or widely general.
Exceptions *can* be set for controlling the printer, installing software,
connecting to wireless/wired access points, ..............

Don't you mean it can only run the specific programs allowed? Then, as
root, the allowed program can do whatever it wants. You cannot restrict
it to certain things. Perhaps it is my own pet peeve about limiting
network broadcasts to root that I am focusing on. That is a single thing
I would like a user program to be able to do. I do not want full root
access in the application for this. So if some device discovery /
configuration tool is provided by an equipment supplier, I do not need
to run it as root just so it can do an initial scan of what equipment is
available. 99.999% of the task the app will do does not require root
access. As the preferred interface for transducers drifts to ethernet,
this is becoming a real big hassle.



Yours sincerely,

Roger Oberholtzer

OPQ Systems / Ramböll RST

Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696
roger.oberholtzer@xxxxxxxxxx
________________________________________

Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
www.rambollrst.se


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
This Thread