Re: Torvalds:requiring root password for mundane things is moronic

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/03/2012 03:22 PM, Miloslav Trmač wrote:
On Sun, Mar 4, 2012 at 12:03 AM, Scott Doty<scott@xxxxxxxxx>  wrote:
How about allowing all printer management of local printers (including
adding a network printer, as Linus&  his daughter were dealing with) with
two factors:

1) user password
2) physical access

...because PolKit already knows when the user is sitting at the console,
right?
"Sitting at the console" is not equivalent to "unrestricted physical
access" allowed, e.g. in any university computer lab.

Agreed. Since we're talking two use case though -- home user and lab user -- it would make sense to have another rpm that would be installed to give the desired behavior to one of the cases (the other case being the default).

I'm not sure about the demographics of Fedora installations, but I would suspect that most lab administrators will be more cognizant of what goes into their lab machines. Thus, I suggest there be added a new package to alter the behavior for lab machines (and similar use cases), something like polkit-i-am-a-lab, or whichever.

What do you think?

Also:
> From my POV, the guiding principle is "is this changing the setup for
other users of the machine? If so, then it needs authentication."
(see also https://fedoraproject.org/wiki/User:Adamwill/Draft_Fedora_privilege_escalation_policy
).  Under this rule, adding a system-wide printer definitely needs
administrative authentication (but we may provide a way to configure
single-user machines so that they don't require the authentication,
see again the draft).

Another way to look at this issue is - if printers were maintained
per-user (per-user, unprivileged cups daemon, per-user configuration,
per-user print queue), there would be no reason to ask for
authentication.  Given that printers are so often networked nowadays
and no access to hardware is required, we might even be able to avoid
running the system-wide cups daemon at all in some cases.  There would
be one less process running as root, no reason to authenticate, an
increase both in security and ease of use.  We would be actually
_solving_ the problem instead of tinkering with administration
requirements to hide it so that Linus doesn't notice :)

Would something like this at all possible to do with cups and the
current printing design and protocols?
    Mirek

This has a lot of merit(!) I suggest that it be handled as an _addition_ (not a replacement) to the library as library support for per-user networked printers that don't use the cups daemon at all. There is nothing lost with that from a security perspective, because the user could just print to a file, and nc it off to a jetdirect printer port (or use the samba client, or whatever).

The reason for the addition would be to avoid having to completely replace cupsd, as well as giving the system administrator (in the lab, or otherwise) the option to continue to use cupsd. Because philosophically speaking, I'd rather have choice than a one-size-fits-all. (ahem).

Also, I did file a bug at freedesktop.org, where (maybe?) discussing policy changes might be appropriate:

https://bugs.freedesktop.org/show_bug.cgi?id=46943

 -Scott

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux