Re: Why Restart & Shutdown Buttons on login screen

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2008-04-25 at 13:52 -0400, Todd Denniston wrote:

> Mostly replying to Chris. Williams, but doing it from the portion of the 
> thread with much more info.
> 
> A CISSP with enough information about the use case would not through a fit. 
> Fits are generally perceived as unprofessional.
> The CISSP would document the risks that [s]he perceived, of having power 
> switches (both hardware and software) available for folks at the physical 
> machine to press, and make sure A) it is legal for the data to be risked this 
> way, B) operating within the organization's security policy and C) that the 
> appropriate level of management and the data owner understood and accepted the 
> risk (signed off that they approve).  CISSPs understand: there is a balance to 
> life, even if it means working somewhere more security aware.
> 
> In this case it _reads_ like having the PHYSICAL switches available is 
> probably not a big problem for the data owner[2], and with the training they 
> are giving it is easy enough to tape a big `don't press here` sign over the 
> button (as even in windows NOW the button is being trained into users a LAST 
> resort).  And they Believe that the software switch is being hit mostly out of 
> accident (too close to the log out selection) or forgetfulness (habit of doing 
> a graceful shutdown on their own machines when done).
> 
> The problem is that they perceive there is no (obvious) place for the 
> administrator to tweak the UIs such that only root can run the software switch.
> Even if they did not have long running jobs on the systems, the reasons to 
> software restrict[1] physically local users from shutting down the system 
> would include:
> 1) it is rude to make the next user wait for the machine to power up.
> 2) the computer lab wants to keep itself warm with the exhaust from the computers.
> 3) the computer lab wants to see the same power bill each month.
> 4) the computer lab does not want to see power cycles hitting their hard drives.
> 5) the sound energy in the lab is too bursty without all the fans going.
> 
> Note: Rahul indicated PolicyKit might be able to help.
> 	I would have thought one of the switches might be able to be removed from GDM 
> config.
> 
> [1] so that it is not an easy accident that the system got shutdown.
> because even if you remove the physical shutdown switch, there is always the 
> power cord, but both the cord and switch are not accidental.
> OK the switch could be an accident if you are using a 15 year old computer 
> with a real toggle switch instead of that thing that runs to the mother board. :)
> 
> [2] though nothing indicates the legality or that they are following the 
> security policy.

...Now THAT was funny!!!

Definitely a keeper. I laughed til I cried. :)

Cheers,

Chris

--
===========================
"If you are calm while all around you is chaos,
then you probably haven't fully understood
the magnitude of the situation."

--Unknown

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux