Linked by Thom Holwerda on Tue 28th Feb 2012 23:11 UTC
Linux Linus Torvalds on requiring the root password for mundane tasks. "So here's a plea: if you have anything to do with security in a distro, and think that my kids (replace 'my kids' with 'sales people on the road' if you think your main customers are businesses) need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, please just kill yourself now. The world will be a better place." Yes, it's harsh (deal with it, Finns don't beat around the bush), but he's completely and utterly right. While there are cases where it makes sense to disable certain settings (public terminals, for instance), it is utterly idiotic that regular home users have to type in their root password for such mundane tasks.
Thread beginning with comment 509094
RE[6]: ugghh!
by ndrw on Thu 1st Mar 2012 06:45 UTC in reply to "RE[5]: ugghh!"

But is this actually how policykit is set up on any current distro? I'm pretty sure any application run in the user account has full access to all user data.


I'm pretty sure that's the case, indeed. I wasn't referring to available solutions, rather to the user (well, my) needs.

In a sense, whenever I unplug the LAN cable because I'm trying an application I don't trust, I'm doing just that. I'm taking away the privilege to talk to the network. Of course, network access is only one of the available privileges, and unplugging a cable isn't exactly a "software" solution.

As you said, the system can be re-installed in an hour so a system compromise or failure is not as serious as that of user data loss.


One thing to remember is that system security is necessary (but not sufficient) for user data security. This is where user accounts work rather well, but they are too inconvenient for more fine-grained access control. No one will set up a separate user account for running a web browser because that's too much hassle (configuration, file access permissions, different home dirs, etc.).

Extensions of this model (sudo, PolicyKit) allow some flexibility but they are still fairly static and are configured at the system level (by an administrator).

This is a misconception: on single-user systems the user _is_ the admin, so at any time he should be able to decide which permissions he needs and which permissions he waives (just like I can unplug the LAN cable whenever I want). Think of it as Android app permissions (except that the user should be able to grant/revoke single permissions even at runtime).

Reply Parent Score: 2