Let's start a new thread to look a bit more at different roles. I saw these two proposals:

Stefan Seyfried proposed a machine use case:
Having a few "presets" with the most common use cases, best accompanied with a short description is still a good idea IMHO. Maybe stuff like:
* "Admin configured server": you need the root password for all changes
-> basically like in good old times before polkit and friends: you'll
need to "su -" and then use yast or whatever to change stuff.
* "User configured laptop": you are allowed to connect to WiFi networks, connect printers and install package updates with your user account. For adding software repositories and installing additional software, you'll need the root password.
* "third preset": I have no idea what a third preset could be
Hans Witvliet seems to suggest user roles:
Shouldn't be too hard for the YaST gurus. Sort of matrix.
In the end your security model has three options:
1) For home-users (or general: single responsibility) end user is allowed to do all. (what Linus wanted)
2) the old-fashioned way, where you need to be root for everything
3) above mentioned proposal, where the privilege for any particular part is assigned to a specific group, and where the utmost highest admin can assign those privileges to any user.
Fits nicely in "the least privilege" model, easier to maintain security in a large organization.
I think that we need different settings for different users - even on the same machine. So, some kind of roles. I like the idea of having some configuration module for special purposes and also the idea of role-based administration - just fear it might be difficult to do.

So, my call for help again: Please give some proposals on what kind of roles/scenarios we want to offer - and be as precise on the different roles/scenarios as possible.

Andreas
--
Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126