Local users get to play root?

Eric Christensen eric at christensenplace.us
Thu Nov 19 02:58:21 UTC 2009


On Thu, 2009-11-19 at 07:52 +0530, Rahul Sundaram wrote:
> On 11/19/2009 07:50 AM, Mike McGrath wrote:
> > On Wed, 18 Nov 2009, Jeff Garzik wrote:
> 
> >> 1) We should recognize this new policy departs from decades of Unix and Linux
> >> sysadmin experience.
> >>
> >> 2) F12 policy should be reverted to F11, ASAP.  Possibly with a CVE.
> >>
> >> 3) Due to #1, F13+ should not deviate from the decades-old default.
> >>
> >> 4) Release notes should explain new [and after step #2, optional] policy in
> >> detail, including how to turn it off again.  Seth's laudable write-up efforts
> >> should not have been necessary -- that info should be prepared.
> >>
> >> 5) The people who want this new security policy should add an opt-in checkbox
> >> in Anaconda or firstboot.
> >
> > 
> > Does anyone disagree with anything in 1-5?  It all sounds reasonable to
> > me?
> 
> Release notes are being updated as we speak. I think the "role" of a
> system, be it a personal desktop, workstation, server or something else
> can change post-installation as well. I don't think a simple checkbox in
> Anaconda is going to be useful enough. We need a tool to switch policies
> easily so that we can tweak the policies across a wide range of tools
> with things like PolicyKit and each of these policies can be written
> with particular audiences in mind.
> 
> Rahul
> 

I agree with 1-4 and Rahul.

--Eric 


More information about the fedora-devel-list mailing list