Johann B. Gudmundsson wrote:
Andrew Farris wrote:
Johann B. Gudmundsson wrote:
Andrew Farris wrote:
� wrote:
Is there really any need for the user to have root access to the
computer he's or
to contact his system administrator ( in case he has one to begin
with )
to format the floppy he wants to save his OO document on ????
And when the user has not put his floppy disk properly in the
floppy drive
is faced with "Unable to mount media <clicks> detail -->
and gets mount: /dev/fd0 is not a valid block device
Instead of userfriendly msg like the cd/dvd rom outputs "There's
probably no media in drive"
which by the way is true in this case...
Mounting and creating filesystems is something that PolicyKit should
allow to be configured, see
System->Preferences->System->Authorizations. This is really a
matter of default polkit policy being written to make it happen
(and/or to prevent it). I think in some cases it would be valuable
to prevent a user from formatting any disks (think internet kiosk or
security sensitive data on a workstation).
We are talking about external HD,USB keys Floppy's..
the same policy should apply to them as CD's ( burning cd or bootable
cd's )
We are not letting users format internal HD without the necessary
privileges.
I was talking about external devices. Its your opinion they should be
fully open to format, its my opinion they should be permitted to be
formatted by default policy but be restrictable...
I'm not arguing against that it along with other things cant be
restricted..
Regarding "external devices" one must wonder how the security is
around the "external device" in the
first place if the user gets its hands on it... And since he got he's
hands on it in first place there's
nothing to prevent him take it home or to his secret lair and do
whatever he wants to it...
If he's not allowed to mount it, format it, or move data to it even if he gets
it connected to the machine, what he does with it (pick his nose?) is completely
his business. Yes, there is a major problem with security of any data once a
user is physically touching the hardware, but that does not mean creating a good
security policy around it is a bad idea anyway.
Regarding internet kiosks workstations etc... then it's just common
sense
to those who administer/manage to disable boot from CD's USB Floppy,
Password
protect Grub and disable certain keyboard short cuts etc..
The issue is not only booting, but the ability to lockdown the system
and its behavior to only what is desired (be it browsing a library
reference database or ordering coffee).
And this involves formating external storage device how???
I don't know, you brought up the booting not me. A machine in that environment
may not want users to have permission to format disks.. thats it.
I (the user) see it, policykit is an excellent route to take with
setup for what you want. The default desktop install could allow any
user logged in to format external disks without root access if there
is policy there to escalate their privileges for that task alone.
That was what you were trying to say policykit is an excellent way to
handle who can format and which devices are allowed to be formatted..
Yep thats all I was saying. The user should be allowed to do it! But it should
be possible to choose not to let the user do it. The root access permission
requirement for doing those things has always been in place for that kinda of
control AFAIK, and newer development like policykit may be changing this.
--
Andrew Farris <lordmorgul@xxxxxxxxx> www.lordmorgul.net
gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3
No one now has, and no one will ever again get, the big picture. - Daniel Geer
---- ----
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
