Torvalds:requiring root password for mundane things is moronic

[Chris Murphy]

On Mar 3, 2012, at 3:19 PM, Miloslav Trmač wrote:
> A complete lockdown to prevent transferring data out of the system is
> a much harder problem (even if you only allow users to run a web
> browser, they may use it to send data to a server).

Yeah, you're right, I can just open a gmail or dropbox account within a web browser, upload the data.

I think the distinction is "who is going to have to support the result". If it's a home user or small business, they will have to provide support no matter what the connection is; and in a many user environment with some kind of IT staff, it's potentially a different granularity. In some cases they may have no problem with a local printer being attached, or conversely as you point out may have no problem with remote printers.

But any printer addition affects the UI and UX, and a potential increase for support. Therefore blanket allowance for any user to add any device is probably not a good idea. Even if there aren't security risks.

I prefer the first created user defaulting to being an administrator. At least on Mac OS (not to suggest it's right, only that I'm most familiar with its behavior), the consequences to this are authentication dialogs appear far less often. And I'm added to the following groups:

_appserveradm
_appserverusr
_lpadmin
access_bpf
admin
com.apple.access_screensharing
com.apple.access_ssh


Without additional authentication, as an admin, I can add/modify/remove printers, change timezone, make network modifications, make file and device sharing modifications, perform software updates, change startup disk. Normal users can't change these things.

As admin, I can't make changes to users and groups, or security/privacy related changes unless there is additional authentication.

Chris Murphy