Fedora 12 to remove unprivileged package installation
Posted Nov 20, 2009 15:14 UTC (Fri) by drag (subscriber, #31333)
In reply to: Fedora 12 to remove unprivileged package installation by hppnq
Parent article: Fedora 12 to remove unprivileged package installation
> And you seriously prefer that over sudo or configuring it properly? Am I
> missing something?
I usually prefer to at least try to make something better rather than just
shrugging and keeping it insecure because it's easier that way.
> In the corporate environments where I work security and functionality are
> not at all tied to the desktop,
In most places security on desktops is rather important because that is
where people get most of their work done and they use desktops to access
everything else on the network. This is because they use things like
passwords and Kerberos tickets as access controls. If the desktops the
people are using are insecure then so is their access to everything else on
the network.
They'll use single sign-on and things of that nature because the #1 (by a
huge margin) threat to security is weak passwords, and requiring users to
remember multiple passwords and type in passwords all the time is entirely
counterproductive. It's absolutely critical that they make it as easy and
convenient as possible to use secure passwords. So the place the 'ticket'
is cached is very important, as are the places people type their passwords
and access other services from, which of course is the desktop.
If all the desktop is is nothing more than an overgrown terminal then that's
easy... just deny everything to everybody. But that's not the reality of
many places.
None of this is really rocket science and PolicyKit is not the huge bloated
monster that people are trying to pretend that it is. Server environments
are much simpler and much easier to manage, which is one of the reasons
Linux is popular on the servers, but is unpopular on the desktop. "Group
Policy" is, indeed, one of the killer features when it comes to something
like Active Directory. PolicyKit can provide one aspect of what people
consider 'group policy' and things like Sabayon provide the other half.