Re: [opensuse-factory] Permissions and security levels

Wed, 02 May 2007 18:27:15 -0700 

On Wednesday 02 May 2007 18:37, Christian Boltz wrote:
> Hello,
>
> on Samstag, 28. April 2007, Marcus Meissner wrote:
> > On Sat, Apr 28, 2007 at 08:43:36PM +1200, Volker Kuhlmann wrote:
> > > SuSEconfig supports 3 different security levels for file
> > > permissions - easy, secure, paranoid. Default is easy. Is this
> > > still appropriate?
>
> IMHO "secure" would be a good default.
>
> > > The higher the security level, the more things stop working. I have
> > > considered "secure" a good choice for many years, and haven't seen
> > > any loss of functionality personally. However, suseupdater fails at
> > > "secure", displaying a yellow triangle with a bubble help of
> > > subprogram failed and mentioning suid.
> > >
> > > Is this advanced voodoo for experienced Susers only, does this want
> > > some adjustment, or a better explanation for less experienced
> > > users?
> >
> > The opensuseupdater should perhaps just not start when "secure" is
> > selected.
>
> Marcus, I know we had this discussion already, and you probably remember
> my opinion ;-)
>
> IMHO opensuseupdater _should_ start and be able to list available
> updates when running with permissions.secure.
>
> Your suggestion not to run it would mean that the user misses updates,
> which would make the system less secure as a consequence...
>
> (And there's still the root password request before any package is
> installed. Therefore we "only" talk about some user-friendly update
> notification without any impact on the system here.)
>
>
> For the records: I'm running my system with permissions.secure and only
> have the following entries in permissions.local:
>
> # bug 175616, remained from zen-updater, probably no longer needed
> /opt/gnome/lib/libgnomesu/gnomesu-pam-backend    root.root  4755
>
> # zypp - allow opensuseupdater to do its job
> /usr/sbin/zypp-checkpatches-wrapper              root:root   4755
>
>
> Regards,
>
> Christian Boltz
what about a default apparmor wrap on opensuse updater?
-- 
James Tremblay
Director of Technology
Newmarket School District
Novell CNE 3\4\5
CLE \ NCE in training.
http://en.opensuse.org/education
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to