On Sun, Mar 4, 2012 at 12:03 AM, Scott Doty <scott@xxxxxxxxx> wrote:
> How about allowing all printer management of local printers (including
> adding a network printer, as Linus & his daughter were dealing with) with
> two factors:
>
> 1) user password
> 2) physical access
>
> ...because PolKit already knows when the user is sitting at the console,
> right?

"Sitting at the console" is not equivalent to "unrestricted physical access" allowed, e.g. in any university computer lab.

From my POV, the guiding principle is "is this changing the setup for other users of the machine? If so, then it needs authentication." (see also https://fedoraproject.org/wiki/User:Adamwill/Draft_Fedora_privilege_escalation_policy ). Under this rule, adding a system-wide printer definitely needs administrative authentication (but we may provide a way to configure single-user machines so that they don't require the authentication, see again the draft).

Another way to look at this issue is - if printers were maintained per-user (per-user, unprivileged cups daemon, per-user configuration, per-user print queue), there would be no reason to ask for authentication. Given that printers are so often networked nowadays and no access to hardware is required, we might even be able to avoid running the system-wide cups daemon at all in some cases. There would be one less process running as root, no reason to authenticate, an increase both in security and ease of use. We would be actually _solving_ the problem instead of tinkering with administration requirements to hide it so that Linus doesn't notice :)

Would something like this be at all possible to do with cups and the current printing design and protocols?

Mirek