Hello, on Samstag, 28. April 2007, Marcus Meissner wrote:
On Sat, Apr 28, 2007 at 08:43:36PM +1200, Volker Kuhlmann wrote:
SuSEconfig supports 3 different security levels for file permissions - easy, secure, paranoid. Default is easy. Is this still appropriate?
IMHO "secure" would be a good default.
The higher the security level, the more things stop working. I have considered "secure" a good choice for many years, and haven't seen any loss of functionality personally. However, suseupdater fails at "secure", displaying a yellow triangle with a bubble help of subprogram failed and mentioning suid.
Is this advanced voodoo for experienced Susers only, does this want some adjustment, or a better explanation for less experienced users?
The opensuseupdater should perhaps just not start when "secure" is selected.
Marcus, I know we had this discussion already, and you probably remember my opinion ;-) IMHO opensuseupdater _should_ start and be able to list available updates when running with permissions.secure. Your suggestion not to run it would mean that the user misses updates, which would make the system less secure as a consequence... (And there's still the root password request before any package is installed. Therefore we "only" talk about some user-friendly update notification without any impact on the system here.) For the records: I'm running my system with permissions.secure and only have the following entries in permissions.local: # bug 175616, remained from zen-updater, probably no longer needed /opt/gnome/lib/libgnomesu/gnomesu-pam-backend root.root 4755 # zypp - allow opensuseupdater to do its job /usr/sbin/zypp-checkpatches-wrapper root:root 4755 Regards, Christian Boltz -- Wenn ich eine SuSE-CD an ein Schwein binde und dieses trete, laufen KDE & Co. auch ohne RAM recht schnell. [Robin S. Socha in de.comp.os.unix.linux.newusers] --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org