On Tuesday, May 22, 2012 21:41:07 Hans Witvliet wrote:
On Tue, 2012-05-22 at 12:46 -0500, Bryen M Yunashko wrote:
On Tue, 2012-05-22 at 14:40 -0300, Claudio Freire wrote:
So I'd kindly suggest that a yast module for that, and sensible defaults, would be a priority.
Perhaps it would be a better approach here if we came up with a comprehensive list of items that need to remain security-protected versus not needed. Or does such a list exist somewhere already?
Excuse me for jumping into the middle of the thread..
But does it have to be binary: either-or-not? I would rather see a more granular approach...
How about defining an "admin" group. You should be able to add some users to that group.
And all of those "admins" should be able to manage printers, wifi-stuf, and updates.
Or even better: create multiple groups: each for its own group of applications. So some users might be able to fiddle with wifi, but nothing else, while others are only allowed to do updates
For an ordinary home-users, the default user should be member of all those admin groups, while on office-laptops, one should be able to do wifi and printers, but remains properly shielded from installing malware.
I think one should be able to create a reasonable list of allications that deserve there own admin-group:
software (general) updates network (general) wifi printers apache database ldap mail
What about the following if you're the apache admin: The yast2 apache module might need to install other packages - should this be allowed or not? You could add all those roles but I fear it makes administration more difficult. How can we setup in an easy way the most use cases? We still might need for the last 10% esoteric options a config file to change the defaults but what is the normal way? Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org