On Thu, Jun 02, 2016 at 01:04:44PM +0200, Lennart Poettering wrote:
> Well. Let's say you are responsible for the Linux desktops of a large
> security-sensitive company (let's say bank, whatever), and the desktops
> are installed as fixed workstations, with different employees using
> them at different times. They log in, they do some "important company

I definitely see the use of the option. However, the above isn't the
target for _any_ of the Fedora Editions, except _maybe_ "Developer in a
large organization" for Workstation, and even then I think it's not
likely to be the above.

> This is really just one example. This model I think really needs to be
> the default everywhere. On desktops and on servers: unless the admin
> permitted it explicitly, there should not be user code running. If you
> allow your intern user access to a webserver to quickly check out the
> resource consumption of some service that doesn't mean that he shall
> be allowed to run stuff there forever, just because he once had the
> login privilege for the server. And even more: after you disabled his
> user account and logged him out, he really should be gone.

"On desktops and on servers: unless the admin permitted it explicitly,
there should not be user code running" is a fine statement of policy,
but it's _definitely_ policy, not fact, or even generalized best
practice.

Disabling user accounts and logging someone out seems like a separate
management problem not necessarily addressed by this anyway (how do you
ensure logout on all systems?).

--
Matthew Miller
<mattdm@xxxxxxxxxxxxxxxxx>
Fedora Project Leader