On Tue, May 22, 2012 at 01:43:04PM -0300, Claudio Freire wrote:
On Tue, May 22, 2012 at 11:00 AM, Bryen M Yunashko <suserocks@bryen.com> wrote:
eg: I would like YaST2 never ask me root password to install software, since it's my laptop and no one else can use it...but it'll surely be banned in a security expert's eyes, and I don't know how to adjust it for myself
I agree that some basic functionalities shouldn't require passwords. Obvious are adding wifi networks or printer connections. However, I still greatly appreciate requiring a password even on my own machine for software installations. If anything, it becomes a gentle reminder to me that I must exercise my abilities with caution.
But that's the point: "require passwords" doesn't mean "require root password".
As sudo asks *your* password, those tools that handle wifi, printers and such should also ask the user's password, and check whether the user has permission to administer wifi, printers, and such.
We have sudo. Can't sudo be used for this? I imagine not because it's a dbus issue. But then, dbus should be extended to support sudo-like handling of permissions.
No, these days everything talks over dbus and requests permissions via policykit.
Also, installing software from configured repos is not the same, security-wise, to installing software from source or from untrusted repos.
Of course. Installing software from known repositories can also be split in two different things: - install software by name - install software by name-version-release the latter could be used to downgrade packages and make them unsecure, so it should be different usecases. ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org