On Fri, 2008-04-25 at 13:52 -0400, Todd Denniston wrote: > Mostly replying to Chris. Williams, but doing it from the portion of the > thread with much more info. > > A CISSP with enough information about the use case would not through a fit. > Fits are generally perceived as unprofessional. > The CISSP would document the risks that [s]he perceived, of having power > switches (both hardware and software) available for folks at the physical > machine to press, and make sure A) it is legal for the data to be risked this > way, B) operating within the organization's security policy and C) that the > appropriate level of management and the data owner understood and accepted the > risk (signed off that they approve). CISSPs understand: there is a balance to > life, even if it means working somewhere more security aware. > > In this case it _reads_ like having the PHYSICAL switches available is > probably not a big problem for the data owner[2], and with the training they > are giving it is easy enough to tape a big `don't press here` sign over the > button (as even in windows NOW the button is being trained into users a LAST > resort). And they Believe that the software switch is being hit mostly out of > accident (too close to the log out selection) or forgetfulness (habit of doing > a graceful shutdown on their own machines when done). > > The problem is that they perceive there is no (obvious) place for the > administrator to tweak the UIs such that only root can run the software switch. > Even if they did not have long running jobs on the systems, the reasons to > software restrict[1] physically local users from shutting down the system > would include: > 1) it is rude to make the next user wait for the machine to power up. > 2) the computer lab wants to keep itself warm with the exhaust from the computers. > 3) the computer lab wants to see the same power bill each month. > 4) the computer lab does not want to see power cycles hitting their hard drives. > 5) the sound energy in the lab is too bursty without all the fans going. > > Note: Rahul indicated PolicyKit might be able to help. > I would have thought one of the switches might be able to be removed from GDM > config. > > [1] so that it is not an easy accident that the system got shutdown. > because even if you remove the physical shutdown switch, there is always the > power cord, but both the cord and switch are not accidental. > OK the switch could be an accident if you are using a 15 year old computer > with a real toggle switch instead of that thing that runs to the mother board. :) > > [2] though nothing indicates the legality or that they are following the > security policy. ...Now THAT was funny!!! Definitely a keeper. I laughed til I cried. :) Cheers, Chris -- =========================== "If you are calm while all around you is chaos, then you probably haven't fully understood the magnitude of the situation." --Unknown -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
