On Fri, Mar 2, 2012 at 2:20 PM, Jim Henderson <hendersj@gmail.com> wrote:
On Fri, 02 Mar 2012 23:03:27 +0100, Marcus Meissner wrote:
On Thu, Mar 01, 2012 at 04:33:29PM -0500, James Knott wrote:
Jim Henderson wrote: As I have I said several times, it should be optional, at the dicretion of the admin or employer. However, that does not seem to be possible at the moment and that's what all the fuss is about. The developers decided they knew better than the users about what security is required to the point that it is currently useless in many business environements.
The security team decided on a good standard policy.
One might argue that the security team decided on a default "secure" policy, which might be a bit too restrictive for some people.
No other developers were found that worked on a good design that is both usable and secure.
It's a matter of convenience - if someone wants to be less secure, the can of course set the system up to be that way, but they bear the consequences of it.
You can change the settings on your own machine (or your admin can).
Currently e.g. like:
- edit /etc/polkit-default-privs.local
add the lines: org.opensuse.cupspkhelper.mechanism.printer-set-default auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.printer-enable auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.printer-local-edit auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.printer-remote-edit auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.class-edit auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.server-settings auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.printeraddremove auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.job-edit auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.job-not-owned-edit auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.devices-get auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.all-edit auth_admin_keep:auth_admin_keep:yes
(the "yes" to the third argument gives the active user full rights to all these calls.)
That's a pretty ugly way to have to modify the policy, and the values aren't (as near as I've been able to tell) very well documented anywhere.
Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
I would still prefer a graphical way of doing this in yast and a security selection in the installer with a low, medium and high security profile. -- ____________ Steven L Hess ARS KC6KGE DM05gd22 Skype user flamebait Cell 661 487 0357 (Facetime) Google Voice 661 769 6201 openSUSE Linux 12.1 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org