Mailinglist Archive: opensuse (1165 mails)

< Previous Next >
Re: [opensuse] Re: Should openSUSE review it's Security Policies?
On Thu, Mar 01, 2012 at 04:33:29PM -0500, James Knott wrote:
Jim Henderson wrote:
What I'm saying is that different people have different requirements
based on what their use case is for the software. Some people need
restrictive policies because they're in higher security environments.

Not to put too fine a point on it, James, but this is complete nonsense.
You're assuming that in the "real world" everyone has the exact same
requirements for security. That is demonstrably not true.

As I have I said several times, it should be optional, at the dicretion
of the admin or employer. However, that does not seem to be possible at
the moment and that's what all the fuss is about. The developers
decided they knew better than the users about what security is required
to the point that it is currently useless in many business
environements.

The security team decided on a good standard policy.

No other developers were found that worked on a good design that is both
usable and secure.

As I mentioned, I would not be able to do my work for
that insurance company, if I'd been handed openSUSE 12.1

You can change the settings on your own machine (or your admin can).

Currently e.g. like:

- edit /etc/polkit-default-privs.local

add the lines:
org.opensuse.cupspkhelper.mechanism.printer-set-default
auth_admin_keep:auth_admin_keep:yes
org.opensuse.cupspkhelper.mechanism.printer-enable
auth_admin_keep:auth_admin_keep:yes
org.opensuse.cupspkhelper.mechanism.printer-local-edit
auth_admin_keep:auth_admin_keep:yes
org.opensuse.cupspkhelper.mechanism.printer-remote-edit
auth_admin_keep:auth_admin_keep:yes
org.opensuse.cupspkhelper.mechanism.class-edit
auth_admin_keep:auth_admin_keep:yes
org.opensuse.cupspkhelper.mechanism.server-settings
auth_admin_keep:auth_admin_keep:yes
org.opensuse.cupspkhelper.mechanism.printeraddremove
auth_admin_keep:auth_admin_keep:yes
org.opensuse.cupspkhelper.mechanism.job-edit
auth_admin_keep:auth_admin_keep:yes
org.opensuse.cupspkhelper.mechanism.job-not-owned-edit
auth_admin_keep:auth_admin_keep:yes
org.opensuse.cupspkhelper.mechanism.devices-get
auth_admin_keep:auth_admin_keep:yes
org.opensuse.cupspkhelper.mechanism.all-edit
auth_admin_keep:auth_admin_keep:yes

(the "yes" to the third argument gives the active user full rights to all these
calls.)


That said ...

For printing our thoughts are:
- auto detect and autoconfigure local USB printers

this works for known printers.

- discover IPP network printers by network browsing and configure them
automatically

If the machines firewall zone is set to "internal"

- (samba printers? unclear what to do)

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
This Thread