Security policy oversight needed?
Jonathan Dieter
jdieter at gmail.com
Thu Nov 19 11:58:41 UTC 2009
On Thu, 2009-11-19 at 11:45 +0000, Richard Hughes wrote:
> Surely if you're deploying a workstation (1000s of workstations?) you
> would just ship an extra package that set the PolicyKit policies
> according to the domain policy, so if I was a school, I would allow
> the active users to unplug removable drives, but not detach physical
> drives. I would also stop them installing and upgrading (not even give
> them the option to enter a root password) and also lock down who can
> change the clock. I would also prevent them from installing debuginfo
> files and being able to set thier audio system to real-time priority.
FWIW, what I set up for our school's Fedora 11 workstations is here:
http://jdieter.fedorapeople.org/lesbg-polkit-setup-client.spec
There are definitely some ways I could clean it up, but it at least
keeps me from having students installing software (or running updates)
without permission.
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20091119/fa5994dd/attachment.bin
More information about the devel
mailing list