Initial draft of privilege escalation policy
Adam Williamson
awilliam at redhat.com
Fri Jan 22 18:20:29 UTC 2010
On Fri, 2010-01-22 at 08:53 -0500, Matthias Clasen wrote:
> On Thu, 2010-01-21 at 15:17 -0800, Adam Williamson wrote:
>
> > The policy does not apply in the case of user accounts
> > which have been explicitly granted privileges by the system
> > administrator,
>
> I'm going to harp on this a litte more, since I really want to avoid
> being held against the letter of a policy later on that can be read in
> different ways: One of our medium-term goals for the desktop spin is
> to
> get to a situation where the root account can be disabled, and the
> first
> user gets created with an 'Administrator' role. In this case, the
> granting of privileges happens at installation time, not really
> 'explicitly by the system administrator'.
As far as the policy's considered, that user would be 'the system
administrator' in that case. We could define that, if you want to be
unambiguous about it.
> Another point I want to make is that this is not really a
> black-and-white situation (either you're root/admin or you are not).
> In addition to the 'Administrator' role, we also want to define a
> 'Standard' user role which will allow things that pointless to lock
> down
> on a typical desktop system, such as setting the clock, installing
> trusted updates, etc. It might be good to make it clear that giving a
> user a role such as this 'Standard user' role is covered by
> 'explicitly
> granted privileges'.
Again, it's already intended to mean this, but I'll try and clarify a
bit in the next draft if you like.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
More information about the test
mailing list