On Mar 3, 2012, at 3:19 PM, Miloslav Trmač wrote: > A complete lockdown to prevent transferring data out of the system is > a much harder problem (even if you only allow users to run a web > browser, they may use it to send data to a server).
Yeah, you're right, I can just open a gmail or dropbox account within a web browser, upload the data. I think the distinction is "who is going to have to support the result". If it's a home user or small business, they will have to provide support no matter what the connection is; and in a many user environment with some kind of IT staff, it's potentially a different granularity. In some cases they may have no problem with a local printer being attached, or conversely as you point out may have no problem with remote printers. But any printer addition affects the UI and UX, and a potential increase for support. Therefore blanket allowance for any user to add any device is probably not a good idea. Even if there aren't security risks. I prefer the first created user defaulting to being an administrator. At least on Mac OS (not to suggest it's right, only that I'm most familiar with its behavior), the consequences to this are authentication dialogs appear far less often. And I'm added to the following groups: _appserveradm _appserverusr _lpadmin access_bpf admin com.apple.access_screensharing com.apple.access_ssh Without additional authentication, as an admin, I can add/modify/remove printers, change timezone, make network modifications, make file and device sharing modifications, perform software updates, change startup disk. Normal users can't change these things. As admin, I can't make changes to users and groups, or security/privacy related changes unless there is additional authentication. Chris Murphy -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
