User: Password:
Subscribe / Log in / New account

Security or Convenience? Defining a better policy

From:  Andreas Jaeger <>
To:  "opensuse-factory" <>
Subject:  Security or Convenience? Defining a better policy
Date:  Tue, 22 May 2012 14:48:12 +0200
Message-ID:  <>
Archive-link:  Article

I just put the following on my blog as well ( 
and look forward to your help defining a better policy:

The openSUSE security concepts have been changed gradually over the years
with new tools like PolicyKit, PolKit and its usage in system tools.

It's time now to step back, and review what we have and want.

Marcus and Ludwig from the SUSE security team and myself have
discusssed over the last weeks a bit and like to open this to a
broader round now to get your help defining what needs to be done.

= Challenges we face =

Administrating a system in a secure way is always balancing the needs
and requests of security, convenience and usability.  There's also the
additional challenge that upstream projects often have a different
view on either of these and therefore make different decisions and
influencing upstream projects is quite often a difficult task.

= Background =
Linus Torvalds in his Google+ rant

"I first spent weeks arguing on a bugzilla that the security policy of
requiring the root password for changing the timezone and adding a new
wireless network was moronic and wrong.

I think the wireless network thing finally did get fixed, but the
timezone never did - it still asks for the admin password.

And today Daniela calls me from school, because she can't add the
school printer without the admin password.

So here's a plea: if you have anything to do with security in a
distro, and think that my kids (replace "my kids" with "sales people
on the road" if you think your main customers are businesses) need to
have the root password to access some wireless network, or to be able
to print out a paper, or to change the date-and-time settings, ..."

= How to continue? =

We've collected a couple of use cases for the administration of a
local system at:

For each use case we added a short security evaluation but in most
cases don't give a recommendation on what to do. 

Call for action: Review and discuss using the following
* Are there any use cases missing?
* Is there any thing missing in the specific use cases?
* How can we solve these use cases so that a system is easy to setup
  for the most common usage scenarios?

Let's do the discussion on the opensuse-factory mailing list, I'll
update the document with any improvements. Feel free to enhance it as

 Andreas Jaeger aj@{,} Twitter/Identica: jaegerandi
  SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
   GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
    GPG fingerprint = 93A3 365E CE47 B889 DF7F  FED1 389A 563C C272 A126
To unsubscribe, e-mail:
To contact the owner, e-mail:

(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds