Valent Turkovic:
>>> If a browser shows a message that it has some plugin missing and
>>> offers some bar that you click on any user clicking on it would expect
>>> to do what it says.
Tim:
>> If it's possible to do an install with administrative permission, it
>> should do it. "Enter root password, now, to install this."
Ian Malone:
> Actually, I don't want my browser to ask me for a root password.
I agree that it's a bit of a worry to have a browser ask you for that,
but you do need to have some *initial* system that stops all users from
begin able to install through a browser unless the admin allows that.
Otherwise systems that need to be secure, aren't, by default.
Then, after that point, it's a case of:
* Is it a once off decision to allow it, then users can do
anything they like ever more.
* The admin permission is required for some things but not others
(e.g. allow flash installs on demand but nothing else).
* All installs require admin permissions, each time.
At it's simplest level that kind of thing can be done with something
like a root owned /etc/firefox.conf file with parameters. For example,
something like:
[allow]
#flash
#all
[deny]
#flash
#mplayer-plugin
all
[permissions]
prompt
#noprompt
--
[tim@bigblack ~]$ uname -ipr
2.6.22.1-41.fc7 i686 i386
Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7.
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
