Security policy oversight needed?
Owen Taylor
otaylor at redhat.com
Thu Nov 19 14:28:08 UTC 2009
On Thu, 2009-11-19 at 13:36 +0000, Richard Hughes wrote:
> 2009/11/19 Owen Taylor <otaylor at redhat.com>:
> > By having that two part policy, and having the straightforward user
> > configuration GUI that we've been wanting for years, I think we cover
> > almost everything. And we don't have to ask the user at install time a
> > question that they can't answer: "do you want your machine to be safe or
> > to be convenient?"
>
> Would this be part of the existing system-config-users tool or a new
> thing altogether?
I think the assumption we've been making it would be working via
PolicyKit rather than than consolehelper and wouldn't be called
system-config-*, but that's really a detail.
The bigger deviation is the user interface; system-config-users is
basically /etc/passwd in a GtkTreeView.
We'd want to introduce the idea of predefined roles.
We'd want to include the head-shots shown in GDM, and otherwise
make the user interface pretty and friendly.
We might even want to add things like "parental control" type
configuration of when certain users can use the computer.
> Are there any prototypes or mockups yet?
I think we may have gotten to the mockup stage a couple of times; I seem
to remember some designs that Bryan Clark did a couple of years ago, and
there was another bit of work on it about a year ago. You can ask
around.
The project has tended to suffer a bit from scope creep. It's pretty
clear how to design a nice tool that manages local users. Personally I
think that's what we should write. But once you start worrying about
LDAP and frameworks for network login abstractions, then it gets much,
much harder to create a pleasant experience for the simple case.
- Owen
More information about the devel
mailing list