On Mar 3, 2012, at 3:19 PM, Miloslav Trmač wrote:
> A complete lockdown to prevent transferring data out of the system is
> a much harder problem (even if you only allow users to run a web
> browser, they may use it to send data to a server).
Yeah, you're right, I can just open a Gmail or Dropbox account within a web browser
and upload the data.
I think the distinction is "who is going to have to support the result". If
it's a home user or small business, they will have to provide support no matter what
the connection is; and in a many-user environment with some kind of IT staff, it's
potentially a different granularity. In some cases they may have no problem with a local
printer being attached, or conversely, as you point out, may have no problem with remote
printers.
But any printer addition affects the UI and UX, and is a potential increase in support.
Therefore a blanket allowance for any user to add any device is probably not a good idea,
even if there aren't security risks.
I prefer the first created user defaulting to being an administrator. At least on Mac OS
(not to suggest it's right, only that I'm most familiar with its behavior), the
consequence of this is that authentication dialogs appear far less often. And I'm added
to the following groups:
_appserveradm
_appserverusr
_lpadmin
access_bpf
admin
com.apple.access_screensharing
com.apple.access_ssh
Without additional authentication, as an admin, I can add/modify/remove printers, change
the timezone, make network modifications, make file and device sharing modifications, perform
software updates, and change the startup disk. Normal users can't change these things.
As admin, I can't make changes to users and groups, or security/privacy related
changes, unless there is additional authentication.
Chris Murphy