* JP Rosevear <jpr@novell.com> [Mar 08. 2007 17:01]:
You pointed out the policy piece in cups 1.2 which is great, that gives us the underlying tools to solve this.
... which seems to be limited to cups. There exists a myriad of implementation to delegate access rights to users in Linux. On the low level pam modules is one, resmgr another, then we have policy kit, setuid-root binaries, etc. ZENworks brings its own framework for role based access control (rbac), cups has policies, YaST is supposed to support rbac in the future. I'm not a security expert, so these things might have non-overlapping semantics. But they certainly do overlap in certain areas. The more such implementations exist, the more ways hackers will find to break them. Long term, I'd like to see one architecture to delegate 'specific root rights' to users rather than extending different implementations for specific use cases. Just my $0.02 ;-) Klaus --- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org