On Thu, 2010-01-21 at 15:17 -0800, Adam Williamson wrote: > The policy does not apply in the case of user accounts > which have been explicitly granted privileges by the system > administrator, I'm going to harp on this a litte more, since I really want to avoid being held against the letter of a policy later on that can be read in different ways: One of our medium-term goals for the desktop spin is to get to a situation where the root account can be disabled, and the first user gets created with an 'Administrator' role. In this case, the granting of privileges happens at installation time, not really 'explicitly by the system administrator'. Another point I want to make is that this is not really a black-and-white situation (either you're root/admin or you are not). In addition to the 'Administrator' role, we also want to define a 'Standard' user role which will allow things that pointless to lock down on a typical desktop system, such as setting the clock, installing trusted updates, etc. It might be good to make it clear that giving a user a role such as this 'Standard user' role is covered by 'explicitly granted privileges'. -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
