On Thu, 2006-08-10 at 13:41 -0500, Rick Stuart wrote: > Originally: Re: Fedora usability : a new project? (Rick Stuart) > > From: Rahul <sundaram@xxxxxxxxxx> > > Bringing davidz into the discussion if he hasn't been tracking fedora-desktop-list at all... David, look below :) Dan > > Rick Stuart wrote: > > > > > I welcome this idea! I have asked many folks about what they like and > > > dis like about Linux and I only get prejudiced statements. If you sit > > > someone ( a familiar and comfortable user of Windows) in front of your > > > pride and joy 64-bit Fedora Core 5 install and invite them to try it > > > out, they will fail to see any value. If you help them find their way > > > to stuff, they will certainly hit a brick wall that you have to fix by > > > opening a terminal window, and then it's all over. > > > > > > Here are a couple of suggestions: > > > > > > Provide an option to configure users with sufficient privileges so that > > > they can enter their OWN password for administrative access instead of > > > ROOT's. ( /usr/bin/system-config-* linked to "consolehelper" ) For a > > > good model, check out UBUNTU......sorry about your toes. Something like > > > /etc/consolehelpers a-la /etc/sudoers. > > > > > > > That isnt really a good model. > > > > https://www.redhat.com/archives/fedora-extras-list/2006-July/msg00814.htm > > > > From: David Nielsen <david@xxxxxxxxxxxxx> > > > > > > > > PolicyKit should provide this functionality the right way. I don't know > > if we have an ETA on this being useful but I would rather wait for a > > proper fix than use priviliage escalation that can introduce problems > > like horrid security . having to audit half a million lines of GTK+ code > > because it now runs as root and any slight bug could take down the > > system is my very definition of not funny. > > > > > PolicyKit looks interesting based on the discussions Rahul included. > Correct me if I got it wrong, but would PolicyKit allow an > administrator to set people up so they can do certain things as > administrators (like mounting a disk) ? It looked like the user gets > no challenge for authorization if they are set up to be able to do > that. I actually think that is a problem. I think that when someone > is executing with root privileges, they should be aware of it and > consider whether they meant to do that. That is why I suggested a > [SUDO]consolehelper. I am assuming that Rahul was referring to that > as being a bad model. I agree that giving everyone this ability like > UBUNTU does it is a problem. However, I do not agree that setting > policies for a user and not reminding him/her what their action > implies is any better. > > In our corporate Windows world, we can set domain policies and local > policies that give people more administrative rights. We then invest > much more support time trying to unravel what they accidentally did > because they had elevated privileges and got no warnings when they > mis-stepped. Our Linux desktops have very few such problems even > though we have a fairly large number of "sudoers" who can do root > level tasks, but have to do so intentionally. These sudoers don't > need or want the root password, but they can do their jobs without > problems as long as they know the CLI commands to do it. We have > started reducing Windows users default admin rights and force them to > intentionally (and temporarily) elevate themselves to do admin tasks. > The biggest problem is the fact that they have to log out and in to > get the elevated rights on Windows. > > Note also that MicroSoft has started popping up a lot more warnings > asking people if they REALLY want to install the Trojan binary. > People hate it, but what can you do? > > I realize this may fit better in a security discussion, but I consider > it a basic usability issue so I am throwing it out here. > > Thanks, > > Rick > -- > > Fedora-desktop-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-desktop-list -- Fedora-desktop-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-desktop-list
