AW: [Desktop_printing] Role of CUPS and error handling

Robert L Krawitz rlk at alum.mit.edu
Fri Mar 24 05:40:36 PST 2006


   From: Kurt Pfeifle <k1pfeifle at gmx.net>
   Date: Fri, 24 Mar 2006 14:17:44 +0000

   That's fine with *me*, and probably with most people on this list.
   But it is not good and *easy* enough for most Aunt Tillie users...

   Are you sure that all users who encounter a problem that stems from
   SUSE's "RunAsUser" setting are immediately pointed to that website?
   Are you also sure they follow the link? Are you sure they read it?
   Are you sure they understand it?

I agree that I think it could be simplified, but that's another
matter.  There are other ways of handling some of the details
(e. g. create /etc/printcap in advance, owned by the user 'lp'), which
can be worked out.

   The thing is: Once you overdo with "security", and make stuff too
   difficult to cope with, users tend to switch off security altogether.
   Which has then led to the defeat of the security expert's own goals
   (Which begs the question: are security architects really interested
   in creating better security in real life for end users? Or are some 
   security experts only erecting the technical security hurdles in order 
   to have a good excuse and wash their hands in it if is just torn down? 
   (Mind you: I'm guilty of that sometimes too; it is a very comfortable
   thing to tell the user "You should not have..." if you are tired to
   deal with the same challenge day-in, day-out...)

   Security is not just a technical challenge; it also has to do with
   user psychology.

   On Friday 24 March 2006 12:26, Johannes Meixner wrote:

   > Choose what you prefer (choose exactly one):
   > [ ] cupsd runs by default but not as root (which requires lppasswd)
   > [ ] no cupsd running by default at all
   > Note that it is about a general company security policy
   > and not about what a few printing guys may think.

   That's what the company security politicians think; and what maybe
   you and I think too.

   But what do your *users* think? "F*#ck! SUSE is too secure to let me
   simply print!?!"

That's for SUSE to concern itself with.  Personally, I think choice is
great.  If people decide they don't want to deal with the hassle,
they're free to switch if they please.

Modern computers are very complicated systems, and the less that runs
as root the better.  CUPS is a particularly complex service that among
other things runs a variety of third party programs that may not have
been audited for security.

-- 
Robert Krawitz                                     <rlk at alum.mit.edu>

Tall Clubs International  --  http://www.tall.org/ or 1-888-IM-TALL-2
Member of the League for Programming Freedom -- mail lpf at uunet.uu.net
Project lead for Gutenprint   --    http://gimp-print.sourceforge.net

"Linux doesn't dictate how I work, I dictate how Linux works."
--Eric Crampton



More information about the Printing-summit mailing list