[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security policy oversight needed?



On Thu, 2009-11-19 at 11:45 +0000, Richard Hughes wrote:
> Surely if you're deploying a workstation (1000s of workstations?) you
> would just ship an extra package that set the PolicyKit policies
> according to the domain policy, so if I was a school, I would allow
> the active users to unplug removable drives, but not detach physical
> drives. I would also stop them installing and upgrading (not even give
> them the option to enter a root password) and also lock down who can
> change the clock. I would also prevent them from installing debuginfo
> files and being able to set thier audio system to real-time priority.

FWIW, what I set up for our school's Fedora 11 workstations is here:
http://jdieter.fedorapeople.org/lesbg-polkit-setup-client.spec

There are definitely some ways I could clean it up, but it at least
keeps me from having students installing software (or running updates)
without permission.

Jonathan

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]