Security policy oversight needed?
Benjamin Kreuter
ben.kreuter at gmail.com
Thu Nov 19 17:23:57 UTC 2009
On Thursday 19 November 2009 10:51:19 am Richard Hughes wrote:
> 2009/11/19 Benjamin Kreuter <ben.kreuter at gmail.com>:
> > I would not say it is unreasonable to miss this detail,
> > since Fedora is periodically used as a base for RHEL, which is certainly
> > not a single user desktop system.
>
> Sure, and RHEL default policy will most likely be different to the Desktop
> spin.
I would hope so!
My point was that there are plenty of people out there who might be sticking
to assumptions about *nix from a decade ago, who could be managing small
groups of desktops (30 or less). I have seen this personally, and in most of
those cases the root password was absolutely necessary for installing
software. Allowing non-root users to install updates is just at the border of
what is OK for such circumstances, but allowing ordinary users to install new
packages is definitely going to far.
A number of people have suggested now that "single user desktop" be one of
many options. There should at least be a "multiuser desktop" of some kind,
with more restrictive policies in place, and it should not be hidden behind 3
levels of hyperlinks.
-- Ben
--
Message sent on: Thu Nov 19 12:11:26 EST 2009
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20091119/6212f2a1/attachment.bin
More information about the devel
mailing list