Mailinglist Archive: opensuse (1165 mails)

< Previous Next >
Re: [opensuse] Re: Should openSUSE review it's Security Policies?

Hello,

(Lars, why did you leave out the salutation?)

On Mar 1 17:27 Lars Müller wrote (excerpt):
On Thu, Mar 01, 2012 at 02:53:26PM +0100, Johannes Meixner wrote:
If the use case is "printer setup on my own machine",
...
- The owner of the machine can do any configuration changes,
he only must provide THE password.

Even with a single user you might not like to share the root password.

Either I do not understand what you write or you do not
understand what I wrote.

I meant that the user who works on the machine and its owner
are one same person.

In this case I do not understand what you mean with
"not share the root password"?

How should one same person not share all passwords which
he has in his one same brain?


The discussiion is not about arbitrary people. It's about existing
users which must not have root access.

Users which must not have root access must not be allowed
to change the print queues.

It really helps to read the documentation or at least read
what our security experts wrote.

It really helps to get some basic background knowledge about an issue
to be able to contribute something useful to make it move forward
instead of only repeating again and again same old nonsense.


https://features.opensuse.org/

Oh the feature pat cemetry. That's such a good place to get people shut
up. ;) I'm quite sure if it got filed there we'll see it addressed in
2020. Maybe.

I don't know what a "pat cemetry" is - did you mean "cemetery"?
But what do you mean with "pat" in this case?

Regardless what you actually meant, I think issues with FATE
are off-topic here.

Please start a new mail thread or file a Bugzilla bug report
or file a FATE feature request in such cases.


Wouldn't it be much easier to allow all local users to modify the cups
configuration if the administrator prefers this?

What exactly is a "local user"?
Unix user accounts do not distinguish between "local" and "remote".


Again, we should not set this by default. But on request by the adim
from inside the YaST install/ printer setup dialog.

Do you mean a YaST printer setup dialog to set up what I described
at "Allow printer admin tasks for a normal user" in
http://en.opensuse.org/SDB:CUPS_in_a_Nutshell

If yes, please file a FATE feature request.

Do not file a bug report because missing features are no bugs
(I would have to close such a bug report as "invalid).


For those who my wonder why I insist on a FATE feature request:

Without a FATE feature request that is approved by management
I will not get any time at all to implement anything new
for openSUSE.

The reason is that by default work for business products
(SUSE Linux Enterprise Server/Desktop and so on - i.e. stuff
where our customers pay for which pays in the end my salary)
has higher priority than work for openSUSE - and of course
there is always work to be done for business products...

For our business products there is no such feature request.

I guess because admins in the corporate world read the
documentation and just do what I described
at "Allow printer admin tasks for a normal user" in
http://en.opensuse.org/SDB:CUPS_in_a_Nutshell

I guess those admins do not need a GUI for printing system
configuration.

Therefore you - the openSUSE people - must contribute your part
which is in this case: File a FATE feature request and make it
sufficiently known to those who decide about openSUSE features
and keep involved with it to get it decided as you need.


This is my last mail regaring this issue.
Any further working time which I spend on this issue requires
that an appropriate FATE feature request exists.


Kind Regards
Johannes Meixner
--
SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany
HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer
< Previous Next >
This Thread