Re: Security or Convenience? Defining a better policy
[Posted May 23, 2012 by jake]
From: Hans Witvliet <suse-AT-a-domani.nl>
To: suserocks-AT-bryen.com
Subject: Re: Security or Convenience? Defining a better policy
Date: Tue, 22 May 2012 21:41:07 +0200
Message-ID: <1337715668.4431.60.camel@t43.lan0.a-domani.nl>
Cc: opensuse-factory-AT-opensuse.org
On Tue, 2012-05-22 at 12:46 -0500, Bryen M Yunashko wrote:
> On Tue, 2012-05-22 at 14:40 -0300, Claudio Freire wrote:
> > So I'd kindly suggest that a yast module for that, and sensible
> > defaults, would be a priority.
>
> Perhaps it would be a better approach here if we came up with a
> comprehensive list of items that need to remain security-protected
> versus not needed. Or does such a list exist somewhere already?
>
Excuse me for jumping into the middle of the thread..
But does it have to be binary: either-or-not?
I would rather see a more granular approach...
How about defining an "admin" group?
You should be able to add some users to that group.
And all of those "admins" should be able to manage printers, wifi-stuff,
and updates.
Or even better: create multiple groups: each for its own group of
applications.
So some users might be able to fiddle with wifi, but nothing else, while
others are only allowed to do updates.
For an ordinary home user, the default user should be a member of all
those admin groups, while on office laptops, one should be able to do
wifi and printers, but remain properly shielded from installing
malware.
I think one should be able to create a reasonable list of applications
that deserve their own admin-group:
software (general)
updates
network (general)
wifi
printers
apache
database
ldap
mail
Hans