Re: Lockdown... Take 2

From: Andrew Sobala <as583 cam ac uk>
To: Matt Keenan <Matt Keenan sun com>
Cc: GNOME Desktop Hackers <desktop-devel-list gnome org>
Subject: Re: Lockdown... Take 2
Date: Wed, 15 Oct 2003 13:08:38 +0100

On Wed, 2003-10-15 at 11:58, Matt Keenan wrote:
> Andrew Sobala wrote:
> > Can you explain why? If someone wants to prevent users from opening a
> > terminal, there are 2 ways we can implement this:
> > 
> > * gconf key to hide it plus ACL. Sysadmin has to implement this in two
> > different places. If someone doesn't read the docs properly and just
> > goes the gconf way they end up with nonexistant security: they think
> > it's secure (the menu option doesn't appear) but it can actually still
> > be run.
> 
> True, that's why to make completely secure a sysadmin would need to
> use a combination of both Gconf and ACL's
> 
> > * Just remove access to it in an ACL. Menu items automagically
> > disappear. Secure, and it "Just Works". If the ACL configuration is
> > broken, it's obvious to the sysadmin since the menu option is still
> > there.
> 
> How to menu items automagically dissappear.... ?

Well that's what I'm proposing. To hide menu items/launchers if the user
doesn't have executable access.

Although from Alex's other e-mail, it looks like the example I chose may
be a situation where this is difficult!

-- 
Andrew Sobala <as583 cam ac uk>

References:
- Lockdown... Take 2
  - From: Matt Keenan
- Re: Lockdown... Take 2
  - From: Alexander Larsson
- Re: Lockdown... Take 2
  - From: Havoc Pennington
- Re: Lockdown... Take 2
  - From: Alexander Larsson
- Re: Lockdown... Take 2
  - From: Andrew Sobala
- Re: Lockdown... Take 2
  - From: Matt Keenan
- Re: Lockdown... Take 2
  - From: Andrew Sobala

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]