AW: [Desktop_printing] Role of CUPS and error handling
Robert L Krawitz
rlk at alum.mit.edu
Fri Mar 24 05:40:36 PST 2006
From: Kurt Pfeifle <k1pfeifle at gmx.net>
Date: Fri, 24 Mar 2006 14:17:44 +0000
That's fine with *me*, and probably with most people on this list.
But it is not good and *easy* enough for most Aunt Tillie users...
Are you sure that all users who encounter a problem that stems from
SUSE's "RunAsUser" setting are immediately pointed to that website?
Are you also sure they follow the link? Are you sure they read it?
Are you sure they understand it?
I agree that I think it could be simplified, but that's another
matter. There are other ways of handling some of the details
(e. g. create /etc/printcap in advance, owned by the user 'lp'), which
can be worked out.
The thing is: Once you overdo with "security", and make stuff too
difficult to cope with, users tend to switch off security altogether.
Which has then led to the defeat of the security expert's own goals
(Which begs the question: are security architects really interested
in creating better security in real life for end users? Or are some
security experts only erecting the technical security hurdles in order
to have a good excuse and wash their hands in it if is just torn down?
(Mind you: I'm guilty of that sometimes too; it is a very comfortable
thing to tell the user "You should not have..." if you are tired to
deal with the same challenge day-in, day-out...)
Security is not just a technical challenge; it also has to do with
user psychology.
On Friday 24 March 2006 12:26, Johannes Meixner wrote:
> Choose what you prefer (choose exactly one):
> [ ] cupsd runs by default but not as root (which requires lppasswd)
> [ ] no cupsd running by default at all
> Note that it is about a general company security policy
> and not about what a few printing guys may think.
That's what the company security politicians think; and what maybe
you and I think too.
But what do your *users* think? "F*#ck! SUSE is too secure to let me
simply print!?!"
That's for SUSE to concern itself with. Personally, I think choice is
great. If people decide they don't want to deal with the hassle,
they're free to switch if they please.
Modern computers are very complicated systems, and the less that runs
as root the better. CUPS is a particularly complex service that among
other things runs a variety of third party programs that may not have
been audited for security.
--
Robert Krawitz <rlk at alum.mit.edu>
Tall Clubs International -- http://www.tall.org/ or 1-888-IM-TALL-2
Member of the League for Programming Freedom -- mail lpf at uunet.uu.net
Project lead for Gutenprint -- http://gimp-print.sourceforge.net
"Linux doesn't dictate how I work, I dictate how Linux works."
--Eric Crampton
More information about the Printing-summit
mailing list