On Tuesday 11 May 2004 09:32, Jeff Vian wrote:
> /etc/fstab controls the access when mounting. Configure it there to
> allow the user to mount/unmount and access it.

Ok, so I configure the memstick today, which is /dev/sda1. I have the proper options in fstab to allow the user to do that. Now, the user plugs in a camera (that is managed by usb-storage), it gets /dev/sda, and then he plugs in the memstick (which gets /dev/sdb). Now what? Tomorrow he adds a USB hard drive (already partitioned and formatted, BTW). Now what? With KDE you can see devices and such on the desktop if you would like, but the permissions have to be set up first.

> A little bit of time spent on education is much better in the long run
> than just removing obstacles. Ever hear the one about "Give a man a
> fish and he eats for a day. Teach a man to fish and he eats forever.")?
> It applies to using computers as well.

Yeah, but sometimes when somebody asks 'What time is it?' he doesn't want to know how to build a watch. When I go into McDonald's and ask for a Big Mac I don't want a lesson in butchery, USDA inspection, frying temperature, condiment formulation, hydroponic growing of salad greens and vegetables, proper rennet mixture for curdling, oleo versus dairy mixture to meet USDA standards for naming a product 'cheese' versus 'cheese food', vinegar solution percentages for proper acidity to react with cucumber slices, growing techniques for oriental seed spices, and appropriate yeast cultures for particular strains of wheat for desired bubble sizes. I just want to eat a Big Mac. This also applies to computers: sometimes people just want to get their work done. This is not a wrong thing to want.

> I understand your point, and as long as the user understands the risks
> of being root user and the ease of causing severe damage to his system
> with a simple typo when he is logged in as root, it is, after all, /his/
> system.

This is again where a well-configured SELinux setup will solve many problems. The hard part is getting it well-configured. Under SELinux carried out to the max there _is_ no root. This is also a good thing.

SELinux and similar technologies should be thought of as ways to improve both security of the system and convenience to the user. With proper application of this technology much finer-grained balancing of security versus convenience may be done. But the tools to do this must be easily configured, and the defaults must be very carefully chosen.

--
Lamar Owen
Director of Information Technology
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772
(828)862-5554
www.pari.edu