Security policy oversight needed?

Richard Hughes hughsient at gmail.com
Thu Nov 19 11:45:51 UTC 2009


2009/11/19 Rahul Sundaram <sundaram at fedoraproject.org>:
> Right. The alternative really is defining the roles and the target
> audience clearly for distinct set of policies and allowing the user to
> trivially select it during or post-installation.

I disagree, most people will just go for the default option without
understanding the subtle nuances of what they are being asked.

> So if I pick "personal desktop", the change you made makes sense. If on
> the other hand, I choose "workstation" profile, I would obviously need a
> more locked down profile.

Surely if you're deploying a workstation (1000s of workstations?) you
would just ship an extra package that set the PolicyKit policies
according to the domain policy, so if I was a school, I would allow
the active users to unplug removable drives, but not detach physical
drives. I would also stop them installing and upgrading (not even give
them the option to enter a root password) and also lock down who can
change the clock. I would also prevent them from installing debuginfo
files and being able to set their audio system to real-time priority.

The real argument is what set of users upstream software should
target. There's an argument for upstream to default to "no" for all
actions and for the admin to install a policy for "desktop",
"workstation" etc, but then there's just the related problem of what
policy package to choose by default for "Fedora".

Richard.
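As an added illustration of the "extra package that sets the PolicyKit policies" approach, not text or code from Richard's mail or from Fedora: a local-authority file in the .pkla format that polkit 0.95 on Fedora 12 reads from /etc/polkit-1/localauthority/, encoding the school example above. The file path and the DeviceKit-disks, PackageKit, clock-applet and RealtimeKit action IDs are assumptions taken from the policy files of that era; verify them with `pkaction` on the target release before shipping the package.

```ini
# Constructed example: site policy for a school's student accounts.
# Suggested location (assumption): /etc/polkit-1/localauthority/30-site.d/50-school-desktop.pkla
# Identity/Action/Result* keys and the values yes, no, auth_admin, ... are the
# standard pklocalauthority vocabulary; the action IDs below are assumptions.

[Students may eject removable media]
Identity=unix-group:students
Action=org.freedesktop.devicekit.disks.drive-eject
ResultAny=no
ResultInactive=no
ResultActive=yes

[Students may not detach fixed drives]
Identity=unix-group:students
Action=org.freedesktop.devicekit.disks.drive-detach
ResultAny=no
ResultInactive=no
ResultActive=no

# "no" rather than "auth_admin": the user is not even offered a root-password prompt.
# debuginfo installs go through the same package-install action, so they are covered too.
[No package install or upgrade]
Identity=unix-group:students
Action=org.freedesktop.packagekit.package-install;org.freedesktop.packagekit.package-install-untrusted;org.freedesktop.packagekit.system-update
ResultAny=no
ResultInactive=no
ResultActive=no

[Only staff may change the clock]
Identity=unix-group:students
Action=org.gnome.clockapplet.mechanism.settime;org.gnome.clockapplet.mechanism.settimezone
ResultAny=no
ResultInactive=no
ResultActive=no

[No real-time scheduling for audio]
Identity=unix-group:students
Action=org.freedesktop.RealtimeKit1.acquire-real-time;org.freedesktop.RealtimeKit1.acquire-high-priority
ResultAny=no
ResultInactive=no
ResultActive=no
```

Within the local authority, a later matching entry overrides an earlier one, so a staff-only override belongs in a section placed after these or in a higher-priority directory.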
