On Thursday 26 June 2008 00:28, Martin Mielke wrote:
as you know, you can "summon" single YaST modules directly. For example:
yast2 sw_single -- for software management yast2 lan -- for network configuration
Nice idea, but this is a huge security hazard. For example, there is the
debugging xterm you can get in the Qt version with Shift-Ctrl-Alt-X. You
don't want restricted rights admins to get access to a root shell that
easily.
As of now, there is no really reliable and secure way for this "role based
access". We have been making plans and concepts for quite some time, but even
the concept phase is far from finished now. When we do it, we want to do it
right, and not open dozens of security problems.
Please also think about all the things an admin with permission to install
software can do. Basically, he can set up his own root shell or root kit RPM,
install that one and get root access for evermore.
CU
--
Stefan Hundhammer