On Mar 3, 2012, at 3:19 PM, Miloslav Trmač wrote:
> A complete lockdown to prevent transferring data out of the system is
> a much harder problem (even if you only allow users to run a web
> browser, they may use it to send data to a server).

Yeah, you're right, I can just open a Gmail or Dropbox account within a web 
browser and upload the data.

I think the distinction is "who is going to have to support the result". If 
it's a home user or small business, they will have to provide support no matter 
what the connection is; and in a many-user environment with some kind of IT 
staff, it's potentially a different granularity. In some cases they may have no 
problem with a local printer being attached, or conversely as you point out may 
have no problem with remote printers.

But any printer addition affects the UI and UX, and is a potential increase in 
support. Therefore blanket allowance for any user to add any device is probably 
not a good idea, even if there aren't security risks.

I prefer the first created user defaulting to being an administrator. At least 
on Mac OS (not to suggest it's right, only that I'm most familiar with its 
behavior), the consequence of this is that authentication dialogs appear far 
less often. And I'm added to the following groups:

_appserveradm
_appserverusr
_lpadmin
access_bpf
admin
com.apple.access_screensharing
com.apple.access_ssh


Without additional authentication, as an admin, I can add/modify/remove 
printers, change timezone, make network modifications, make file and device 
sharing modifications, perform software updates, change startup disk. Normal 
users can't change these things.

As admin, I can't make changes to users and groups, or security/privacy related 
changes unless there is additional authentication.

Chris Murphy
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
