On 26.05.2012 18:26, Claudio Freire wrote:
On Sat, May 26, 2012 at 5:16 AM, Thomas Leineweber<thomas@tleine.de> wrote:
I would read it as follows:
If there is a dedicated account with it's own pwd for the administration of a service, it is not possible to see, who did the administration task. Nearly "everybody" could have logged in as the dedicated user, because many persons know the pwd. That is in contrast to the requirement, that you can find out who has done the administration task.
Ah, yes, of course.
Every admin would have their own user account, and that account would be a member of the group that has admin rights over the resource. That's how it has always been done in cli land, AFAIK, and that's how it ought to be done in the GUI too.
No, it isn't how it's done today with policykit nor is that how it should be done for the complex and fine-grained access control policy that is required here. We need roles as groups are much too limited and unsuitable for numerous reasons. The most important are that they are too coarse, difficult and inefficient to administer and inherently less secure. Roles allow fine-grained and centralized assignment of permissions to operations (rather than just filesystem objects) and improve security since they need to be explicitly assumed, possibly requiring authentication. -- Guido Berhoerster -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org