Deploying Linux Desktops in a Business (was Re: Antivirus for Ubuntu)

[Felipe Figueiredo]

On Friday 25 May 2007 04:10:25 Ben Edwards wrote:

> For example what access do we give non technical people to there Linux
> Desktop.  

best to start with as limited as possible, and raise rights as needed. sudo 
gives an option to do this on a per executable basis, or group basis, so you 
could create an organization for your porgrams that would suit your needs.

The next complexity step is Access Control Lists, which I am not very familiar 
with, but might interest you.

> Is it possible to give non sudo access to the box but allow 
> them to install security updates.  

Security updates can be installed automatically, and non-interactively 
with 'unattended upgrades'. 

Of course, the fact that they are available, and your users have the ability 
to install them (or not, if it might break somthing down) may be reassuring. 
You have to decide for your case.

> It is possible to give non sudo 
> access and allow them to install/remove programs - maybe from a subset
> of what is available.

It is my opinion that non-tech users faced with a plethora of choices, often 
get lost. Besides, they are error-prone (who isn't?), but they have an 
additional problem: they may put pressure to make this whole thing go away, 
if they 'don't like' it. So if they break the system, you can have a hard 
time proving the system is stable for production use.

I think letting users have unlimited access to dpkg or any of it's frontend, 
is as bad as giving them root/sudo access.

regards
FF