On Thu, Nov 19, 2009 at 11:51:36AM -0700, Michael Torrie wrote: > > I highly doubt the p0rn-comfort package is in the standard fedora repos > anyway, though there is a questionable cpu monitor in the ubuntu > standard repos.
Did you bother to check? Sorry to be rude, but: amcn...@prodigy:~% yum info p0rn-comfort Loaded plugins: presto, refresh-packagekit Available Packages Name : p0rn-comfort Arch : noarch Version : 0.0.4 Release : 8.fc12 Size : 46 k Repo : fedora Summary : Support programs for browsing image-gallery sites URL : http://www.cgarbs.de/p0rn-comfort.en.html License : GPL+ Description: p0rn-comfort consists of several support programs for browsing : image-gallery sites. It includes a proxy which enables : blacklisting of thumbnail sites on-the-fly. It also supports : queueing of entire pages for download and fetching them at a later : time. Queuing can either be done manually (directly from your : browser) or by an automated download script which can also follow : links between different galleries. > Furthermore if you're going to the work of setting up a family computer > with separate accounts (you are only one of maybe 3 people I know that > does this), you'd go to the work of making sure the policykit settings > are set right for your kids' accounts. In a way this is no different > than Mac's parental controls. For most users, though the defaults are sane. I don't think this is nearly as rare as you think, but I don't have any proof. > No it does not. The CS dept (any uni lab) is a special case. For > academic use as you say. In the CS dept's case, Fedora has to be > configured and hardened anyway. PolicyKit just makes it easier to > harden. Write a policy and push it out. Disable removable executable > bits? check. Disable setuid on removable devices? check. Disable any > kind of privilege elevation? check. Or in some cases, remove removable > device support entirely from the desktop experience. PolicyKit makes it harder to harden because there are 100 different policy files you have to thoroughly understand. > Though you may think of adminning as as normal for Linux, in my most > users out there don't set up machines this way and don't think of such > a person as an "admin" since they don't know what an admin is. To > them I'm just the guy that fixes things for them. I don't doubt that, but Fedora at least has a higher percentage of people who want to admin a home system than Ubuntu does. > Most families don't have admins other than some nephew that comes over > to clean viruses once in a while. While you and I may have our families > all networked with VPNs and do remote sysadminning, we are not normal. > PolicyKit makes it easier to do the adminning though. Most of my family > want to be able to install software. So the default works. In some > cases they might want more or less control. I can do that with F12. They also want to be able to set the time, uninstall programs, etc. All of these other things require a root password. PolicyKit in F12 treats package installation as the one special administration task that doesn't require a password. > My hypothetical neighbor trying out fedora certainly is not in a > situation like this. It's his computer; the idea of having to log in as > a completely different user (root) is a very strange idea to him. And > except for certain amounts of malware protection, this is merely an > obstacle thrust in his way that serves no purpose. They still have to login as root for all other administrative tasks. I actually love the desktop_admin_r group idea, which allows users to login as themselves for administrative tasks, but that's not at issue in the current Fedora debate. > Note that before PolicyKit and friends, a lot of things were hacks, > plain and simple. Like access to removable devices. I remember playing > all kinds of automounter games when I was a CS admin to allow students > to use their zip drives, etc. I even remember the bad old days when you > had to use a setuid program called mtools to access floppies! All > because mounting took root privileges. It's better now (and more secure). Generally speaking, I agree with you. I still think there are a lot of rough edges, though. > I dunno about that. With PolicyKit hitting RHEL6, I should be able to > set up and control the desktop experiences of my users much more easily > than I do now which is basically an all-or-nothing approach. There's > root and then there's everyone else. For faculty members this is really > problematic. I want to be able to keep their machines running well, but > the lack of fined-grained admin controls is a real hurdle. If they need > to install instrument software I have to grant them sudo access, which > means they can really screw things up if they try. I'd rather give them > the ability to do some things, but not other things (like screw up > network settings). I agree that it's a great idea, but I don't think that configuring PolicyKit is nearly as straightforward as it will eventually become. There's a lot of work left to do. -- Andrew McNabb http://www.mcnabbs.org/andrew/ PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868 -------------------- BYU Unix Users Group http://uug.byu.edu/ The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. ___________________________________________________________________ List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
