Hello, On Mar 1 12:18 Roger Oberholtzer wrote (excerpt):
... the root problem (pun intended) remains. What is needed is a general approach to these permissions.
If the use case is "printer setup on my own machine", I think - but I am not at all a security expert - it should be an acceptable solution when the normal user's password and the root password are the same so that from the user's point of view there is just one password i.e. THE password. Then configuration changes could still require THE password which is - from my point of view - sufficiently easy to use and sufficiently secure because: - The owner of the machine can do any configuration changes, he only must provide THE password. - The owner of the machine cannot do configuration changes by accident because he must provide THE password. - Arbitrary persons who get access to the machine cannot do configuration changes (i.e. arbitrary persons cannot hijack the machine when it is running unattended). As far as I noticed what other wrote in this thread, this could be even already the default when installing an openSUSE system. If yes I wonder what the whole discussion is about? Does anybody really want that arbitrary persons are allowed by default to do configuration changes? I assume nobody wants this. Therefore I assume what is wanted is that not only one person is allowed by default to do configuration changes but that it is possible to allow particular other users (e.g. the owner of the machine and his best friend) to do particular configuration changes. As far as I know this is currently not possible. If this is wanted, a FATE feature request should help... Hint: https://features.opensuse.org/
As to the printer things: isn't it mainly configuration file access that is the problem?
No. Print queue related configuration files are written by the cupsd which has the right permissions to deal with its own files. Please see the documentation, in particular have a look at "General information on the command-line tools" and "Allow printer admin tasks for a normal user" at http://en.opensuse.org/SDB:CUPS_in_a_Nutshell Regarding CUPS policies, have a look at the YaST printer module. By the way: As far as I understand Vincent Untz' comment https://bugzilla.novell.com/show_bug.cgi?id=749451#c3 this could be - from my point of view - a major security issue when the Gnome desktop printer setup tool system-config-printer does not work in compliance with the CUPS "Operation Policies" but uses instead its own kind of "provide admin permissions" tool cups-pk-helper. Assume someone has set up his own computer and thinks it is secure against configuration changes so that he can let someone else work on his computer - but actually this other person can change the print queues via the Gnome desktop so that all (possibly confidential) print jobs print as usual (so that the betrayal is not easily noticed) but additionally it sends a copy of what is printed to an external destination. I hope that by default this is currently not possible but I think many ask for such a default. And vice versa: Assume someone has set up the CUPS operation policy "allowallforanybody" so that anyone can do any printing stuff but this does not work under the Gnome desktop because the Gnome desktop printer stuff does not work in compliance with the CUPS "Operation Policies". I did not test if this is actually the case. I only like to point out that it is in general a bad idea when a desktop environment would do such stuff on its own. Generally: It is a very bad idea when whatever kind of higher-level programs do not work in compliance with the underlying lower-level stuff. Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org