
Complexity eats kittens alive!!!

Posted Nov 24, 2009 2:18 UTC (Tue) by AdamW (subscriber, #48457)
In reply to: Complexity eats kittens alive!!! by man_ls
Parent article: Fedora 12 to remove unprivileged package installation

It's pretty simple, really.

su/sudo: your disk management tool runs as root, or as user. Ain't choice great?

policykit: administrator can define fine-grained policies for all the following actions:

Mount a device
Mount a system-internal device
Check file system on a device
Check file system of a system-internal device
Unmount a device mounted by another user
List open files
List open files on a system-internal device
Eject media from a device
Detach a drive
Modify a device
Modify a system-internal device
Refresh ATA SMART data
Run ATA SMART Self Tests
Retrieve historical ATA SMART data
Unlock an encrypted device
Lock an encrypted device unlocked by another user
Configure Linux Software RAID
Cancel a job initiated by another user
Inhibit media detection
Set drive spindown timeout

Don't you see how that level of granularity might be just a _tad_ welcome to your average admin? Bear in mind that it's relatively simple to set up policies based on several levels of user roles, each level having a particular set of permissions, so you can set up a bunch of tailored profiles for your particular installation, and easily slot new users into the appropriate role for them...
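As an added illustration of the role-tier idea in the comment above (this is example code written for this page, not anything from AdamW, Fedora or the PolicyKit project): a polkit rules file that maps Unix groups to allow-lists of disk actions, with everything touching internal disks or other users' state pushed to administrator authentication and an explicit fail-closed catch-all. The `polkit.addRule`, `polkit.Result`, `subject.isInGroup`, `subject.local` and `subject.active` APIs are real polkit JavaScript-rules features, but that rules format postdates the 2009 thread (the PolicyKit of that era used `.pkla` files), the `org.freedesktop.udisks2.*` action IDs are the later udisks2 names rather than the DeviceKit-disks IDs behind the descriptions listed above, and the group names are invented for the example. The `polkit` object at the top is a small stand-in for the global that polkitd provides, so the decision logic can be exercised offline with node; in a real deployment you would drop only the `polkit.addRule` calls into `/etc/polkit-1/rules.d/`.

```javascript
// Stand-in for the `polkit` global that polkitd injects into rule files
// (assumption for offline use; the real daemon supplies this itself).
// polkitd evaluates registered rules in order and takes the first non-null result.
var polkit = {
  Result: {
    NO: "no", YES: "yes",
    AUTH_SELF: "auth_self", AUTH_ADMIN: "auth_admin",
    AUTH_ADMIN_KEEP: "auth_admin_keep",
    NOT_HANDLED: null
  },
  _rules: [],
  addRule: function (fn) { this._rules.push(fn); },
  log: function (msg) { /* real polkitd writes this to the journal */ }
};

var UDISKS = "org.freedesktop.udisks2.";

// Role tiers keyed by Unix group (group names are assumptions for this example).
// Each tier lists the actions its members may perform without a prompt.
var ROLE_ALLOW = {
  // Everyday desktop users: removable media only.
  "desktop-user": [
    UDISKS + "filesystem-mount",
    UDISKS + "eject-media",
    UDISKS + "encrypted-unlock"
  ],
  // Helpdesk: removable media plus drive health checks.
  "helpdesk": [
    UDISKS + "filesystem-mount",
    UDISKS + "eject-media",
    UDISKS + "encrypted-unlock",
    UDISKS + "ata-smart-update",
    UDISKS + "ata-smart-selftest"
  ]
};

// Actions on system-internal disks or on other users' mounts/jobs:
// always require the administrator password, whatever the caller's tier.
var SENSITIVE = [
  UDISKS + "filesystem-mount-system",
  UDISKS + "encrypted-unlock-system",
  UDISKS + "modify-device-system",
  UDISKS + "filesystem-unmount-others",
  UDISKS + "manage-md-raid"
];

function isUdisksAction(action) { return action.id.indexOf(UDISKS) === 0; }

// Rule 1: the storage-admin tier may do anything udisks exposes.
polkit.addRule(function (action, subject) {
  if (isUdisksAction(action) && subject.isInGroup("storage-admin")) {
    return polkit.Result.YES;
  }
  return polkit.Result.NOT_HANDLED;
});

// Rule 2: sensitive actions need admin authentication for everyone else.
polkit.addRule(function (action, subject) {
  if (SENSITIVE.indexOf(action.id) !== -1) return polkit.Result.AUTH_ADMIN;
  return polkit.Result.NOT_HANDLED;
});

// Rule 3: tiered allow-lists, only for users physically at an active seat
// (a remote SSH login is neither local nor active and falls through).
polkit.addRule(function (action, subject) {
  if (!isUdisksAction(action)) return polkit.Result.NOT_HANDLED;
  if (!(subject.local && subject.active)) return polkit.Result.NOT_HANDLED;
  for (var group in ROLE_ALLOW) {
    if (subject.isInGroup(group) && ROLE_ALLOW[group].indexOf(action.id) !== -1) {
      return polkit.Result.YES;
    }
  }
  return polkit.Result.NOT_HANDLED;
});

// Rule 4: fail closed. Any udisks action not explicitly granted above asks for
// the administrator password instead of inheriting the action's packaged default.
polkit.addRule(function (action, subject) {
  return isUdisksAction(action) ? polkit.Result.AUTH_ADMIN : polkit.Result.NOT_HANDLED;
});

// Offline driver (not part of a rules file): walks the rules the way polkitd does.
function decide(actionId, subject) {
  var action = { id: actionId };
  for (var i = 0; i < polkit._rules.length; i++) {
    var r = polkit._rules[i](action, subject);
    if (r !== null && r !== undefined) return r;
  }
  return polkit.Result.NOT_HANDLED; // polkitd would then use the action's own defaults
}

// Constructed subject for testing (a real subject comes from polkitd).
function makeSubject(groups, local, active) {
  return {
    local: local, active: active,
    isInGroup: function (g) { return groups.indexOf(g) !== -1; }
  };
}
```

Rule order is the whole policy here: the admin grant comes first, the sensitive-action gate second, and the catch-all last, so adding a new tier is a matter of adding one entry to `ROLE_ALLOW` rather than touching the gates. The catch-all is what keeps a forgotten action from silently falling back to whatever default the package shipped with.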


Complexity eats kittens alive!!!

Posted Nov 24, 2009 7:08 UTC (Tue) by man_ls (guest, #15091)

Sure, it looks very useful and a real advance over classic Unix permissions. It should be easy to sell to companies. But it is also more complex than classic Unix permissions, so the simpler it is to manage the better.

Complexity eats kittens alive!!!

Posted Nov 24, 2009 15:53 UTC (Tue) by dskoll (subscriber, #1630) (2 responses)

don't you see how that level of granularity might be just a _tad_ welcome to your average admin?

No, not really. Explain what the difference between "a device" and "a system-internal device" is. What, exactly, are you allowed to do if you are allowed to "Modify a device"? What does "Cancel a job initiated by another user" mean? Kill someone's process? Stop an "at" or "cron" job?

We see here creeping Microsoftisms. Vaguely-defined actions (described in dumbed-down, imprecise language) that are supposedly security-critical, so the average admin is completely confused as to what he or she should allow. This is a real step backwards.

Complexity eats kittens alive!!!

Posted Nov 24, 2009 20:48 UTC (Tue) by nix (subscriber, #2304) (1 response)

The distinction between 'device' and 'system-internal device' is clear enough: the latter should really be 'external device'. Basically the latter is internal disks and the former is USB stuff and things like that.

What a 'job' is, I have no idea. I agree, there should be a maximally-precise version of the descriptions.

Complexity eats kittens alive!!!

Posted Nov 24, 2009 21:10 UTC (Tue) by dskoll (subscriber, #1630)

The distinction between 'device' and 'system-internal device' is clear enough: the latter should really be 'external device'.

It's not clear to me. What if I have a hot-swappable SCSI disk? Is that internal or external? How about if my root file system is on an external USB device? (Don't laugh... I run my EEEPC that way.)

Some of the categories listed don't look useful to me. In fact, they look dangerous exactly because they are imprecise. If complexity is the enemy of security, then imprecision is the nuclear weapon.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds