On Thu, Jun 02, 2016 at 01:04:44PM +0200, Lennart Poettering wrote:
> Well. Let's say you are responsible for the Linux desktops of a
> security-sensitive company (let's say bank, whatever), and the desktops
> are installed as fixed workstations, with different employees using
> them at different times. They log in, they do some "important company
I definitely see the use of the option.
However, the above isn't the target for _any_ of the Fedora Editions,
except _maybe_ "Developer in a large organization" for Workstation, and
even then I think it's not likely to be the above.
> This is really just one example. This model I think really needs to be
> the default everywhere. On desktops and on servers: unless the admin
> permitted it explicitly, there should not be user code running. If you
> allow your intern user access to a webserver to quickly check out the
> resource consumption of some service that doesn't mean that he shall
> be allowed to run stuff there forever, just because he once had the
> login privilege for the server. And even more: after you disabled his
> user account and logged him out, he really should be gone.
"On desktops and on servers: unless the admin permitted it explicitly,
there should not be user code running" is a fine statement of policy,
but it's _definitely_ policy, not fact, or even generalized best
Disabling user accounts and logging someone out seems like a separate
management problem not necessarily addressed by this anyway (how do you
ensure logout on all systems?).
Fedora Project Leader
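An added example, not part of this thread and not code from systemd or Fedora: a small audit that checks whether a host actually implements the model argued for above ("no user code after logout unless the admin permitted it explicitly"). It assumes the mechanism under discussion is systemd-logind's KillUserProcesses= setting (read from logind.conf and its logind.conf.d/*.conf drop-ins, later file wins) and that explicit admin permission takes the form of a per-user linger flag file under /var/lib/systemd/linger, compared against an admin-maintained allowlist file; the function names, the allowlist file and the sample host state are all constructed for the example, and the paths are parameters so it can be pointed at copies rather than the live system.

```sh
#!/bin/sh
# Audit helper (added example, not from the thread): does this host follow
# "no user processes after logout unless the admin explicitly allowed it"?
# Assumptions: systemd-logind semantics for KillUserProcesses= and for
# linger flag files; allowlist is a constructed file, one username per line.

# Effective KillUserProcesses= value: main file first, then drop-ins in
# sorted order; the last uncommented setting wins. Unset means "no".
kill_user_processes() {
    main="$1"; dropin_dir="$2"
    val=no
    for f in "$main" "$dropin_dir"/*.conf; do
        [ -f "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*KillUserProcesses[[:space:]]*=[[:space:]]*//p' "$f" | tail -n 1)
        [ -n "$v" ] && val=$v
    done
    printf '%s\n' "$val"
}

# Users whose linger flag exists but who are not on the admin allowlist,
# i.e. users permitted to keep processes without an explicit decision.
unexpected_lingerers() {
    linger_dir="$1"; allowlist="$2"
    for f in "$linger_dir"/*; do
        [ -f "$f" ] || continue
        u=$(basename "$f")
        grep -qx "$u" "$allowlist" || printf '%s\n' "$u"
    done
}

# Returns 0 when the host follows the model, 1 otherwise (with reasons).
audit_host() {
    main="$1"; dropin_dir="$2"; linger_dir="$3"; allowlist="$4"
    ok=0
    if [ "$(kill_user_processes "$main" "$dropin_dir")" != yes ]; then
        echo "KillUserProcesses is not enabled: user processes survive logout"
        ok=1
    fi
    extra=$(unexpected_lingerers "$linger_dir" "$allowlist")
    if [ -n "$extra" ]; then
        echo "linger enabled without admin approval: $extra"
        ok=1
    fi
    return $ok
}

# Constructed sample host state (temporary files, not the real system):
# the distribution default is commented out, a site drop-in enables the
# kill, and the "intern" user has linger enabled without being approved.
demo=$(mktemp -d)
mkdir -p "$demo/logind.conf.d" "$demo/linger"
printf '[Login]\n#KillUserProcesses=no\n' > "$demo/logind.conf"
printf '[Login]\nKillUserProcesses=yes\n' > "$demo/logind.conf.d/10-site.conf"
: > "$demo/linger/backup"
: > "$demo/linger/intern"
printf 'backup\n' > "$demo/allowlist"

if audit_host "$demo/logind.conf" "$demo/logind.conf.d" "$demo/linger" "$demo/allowlist"; then
    echo "host follows the model"
else
    echo "host deviates from the model"
fi
```

Run against the sample state it reports the unapproved "intern" linger entry; on a real host you would pass /etc/systemd/logind.conf, /etc/systemd/logind.conf.d and /var/lib/systemd/linger, and the allowlist is the place where "the admin permitted it explicitly" becomes something you can diff over time.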