Mailinglist Archive: yast-devel (144 mails)

< Previous Next >
Re: [yast-devel] Why YAST is too VAST
  • From: Johannes Meixner <jsmeix@xxxxxxx>
  • Date: Thu, 14 Feb 2008 08:12:27 +0100 (CET)
  • Message-id: <Pine.LNX.4.64.0802140726360.1691@xxxxxxxxxxxxxx>

Hello,

On Feb 13 22:05 Stefan Hundhammer wrote (shortened):
The user of a standalone home PC with one printer can rightfully claim that
this is HIS printer and that he can do whatever he pleases with it, so it
doesn't make sense for him to acquire root privileges to administrate that
printer.

But this kind of user has (usually) installed the system
so that he knows the root password.

I never got one single request from such a user that he must
be able to set up his hardware without the root password.

Be careful not to confuse this with the reasonable request
that he should not need the root password to disable/enable
the print queue and/or to cancel any print job.
The latter does not change the actual print queue setup,
it is only about who is allowed to "operate" the print queue.


That printer might also be a network printer because it's so much more
comfortable to work with the laptop from the living room couch and work over
Wi-Fi. It's still his, and he's still the boss.

See where this is heading? Printer...network... all of a sudden, you find
yourself in a corporate environment where things get administered in a lot
less anarchic ways. There must be rules and order. System settings vs. user
settings are coming back with a vengeance.

You see, in a simple example everything is - well - simple. Who would have
guessed. But that's not the real world.

I think you waste your time with explanations.
Unfortunately - I explained the printing stuff so often again
and again and again - explanations are completely ignored.

They want "just print".
They never explain what exactly they want.
They get something but they never get what they want.


Also a role based yast

Apart from that increasingly becoming a buzzword (with an extra score of
bingo
points), exactly how would it help?

Do we abandon all privileges and permissions, becoming much more Windows-like
in the process? (And inviting all kinds of intruders, of course?)

Why not?
They want it.
They can get it.
They have to accept the consequences.

Of course for any real administrative task one needs root privileges
because this is how the underlying system is set up by default
(e.g. most system config files can only be changed by root).


Or do we still at least tell the user that whatever he is about to do is a
privileged operation and ask at least his confirmation (not necessarily his
password or a special "I, the XY subsystem admin" password)?

If there are YaST-specific "XY subsystem admin privileges" it means
that the whole YaST must be made secure against privilege escalation
because in the end YaST must act as root to actually do the
administrative task (e.g. change a config file, start/stop
a service, install a software package, ...).

Why not?
Just file a feature request so that it can be evaluated if it is
worth the effort (i.e. if there is a sufficient business case).


Yes, for some users this will be a learning curve.

This is not what is wanted.
What is wanted is that the user's mental model of the system
is not disturbed regardless how wrong it might be.

The consequence is catastrophic:
Users with a wrong mental model of the system
act with interfaces which please their wrong ideas
but result plain wrong stuff in the system
which results annoyance for the users
because it simply cannot work as they expect.


that allowed users to "sync" their user
preferences to the system (for instance timezone) would eliminate some
problems

A perfect example of privilege escalation and ignorance
of certain kind of problems (e.g. security problems).

Additionally it could be a mess when several different users
have the privilege to sync their timezone to the system.


Kind Regards
Johannes Meixner
--
SUSE LINUX Products GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany
AG Nuernberg, HRB 16746, GF: Markus Rex
--
To unsubscribe, e-mail: yast-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-devel+help@xxxxxxxxxxxx

< Previous Next >