Initial draft of privilege escalation policy

Matthias Clasen mclasen at
Fri Jan 22 13:53:55 UTC 2010

On Thu, 2010-01-21 at 15:17 -0800, Adam Williamson wrote:

> The policy does not apply in the case of user accounts
> which have been explicitly granted privileges by the system
> administrator,

I'm going to harp on this a little more, since I really want to avoid
being held against the letter of a policy later on that can be read in
different ways: One of our medium-term goals for the desktop spin is to
get to a situation where the root account can be disabled, and the first
user gets created with an 'Administrator' role. In this case, the
granting of privileges happens at installation time, not really
'explicitly by the system administrator'.

Another point I want to make is that this is not really a
black-and-white situation (either you're root/admin or you are not).
In addition to the 'Administrator' role, we also want to define a
'Standard' user role which will allow things that are pointless to lock down
on a typical desktop system, such as setting the clock, installing
trusted updates, etc. It might be good to make it clear that giving a
user a role such as this 'Standard user' role is covered by 'explicitly
granted privileges'.

