[desktop-discuss] [security-discuss] requirement for identifying a console user in RBAC

Darren J Moffat Darren.Moffat at Sun.COM
Fri Aug 17 02:48:43 PDT 2007


I'm quite nervous about assigning any additional authorisations to a 
user based on which tty their login program happened to run on.  My main 
concern is that there are deployment cases where this is a good default 
and ones where it is a bad default.

For all of the use cases cited I think these would be easily covered by 
creating a new RBAC profile and assigning that to the user not at login 
(because profiles don't work that way) but permanently on that machine.

I can see two cases where this functionality is useful:

1) Laptop - especially for networking
2) Personal desktop.

In case 1 you want to give users the ability to do a limited set of 
system configuration/admin but you don't want them to have the full 
control over the machine.  This is how Windows laptops are often 
deployed in a corporate environment.

Cases where you don't want users to get additional authorisations just 
because they logged in on the console include:

1) Corporate desktop - non Sun Ray
2) Student lab

I believe that the functionality being requested is really a property of 
the *user* not where and how they logged in.

Maybe what we really need here is to ask and assign this "owner" profile 
when the first non root user is created during install.  This is, if I 
remember correctly, what MacOS X and Windows XP basically do.


Now back to the general case, being able to have different RBAC profiles 
based on "where" you are is actually a very useful concept - I have code 
that uses the "qualifier" field in user_attr(4) to limit when a user 
gets a profile based on host or netgroup. [ Not integrated because it 
requires updating the SMC user tool and I don't know how to do that ].

--
Darren J Moffat

