Deploying Linux Desktops in a Business (was Re: Antivirus for Ubuntu)
philsf79 at gmail.com
Fri May 25 19:35:33 UTC 2007
On Friday 25 May 2007 04:10:25 Ben Edwards wrote:
> For example what access do we give non technical people to there Linux
best to start with as limited as possible, and raise rights as needed. sudo
gives an option to do this on a per executable basis, or group basis, so you
could create an organization for your porgrams that would suit your needs.
The next complexity step is Access Control Lists, which I am not very familiar
with, but might interest you.
> Is it possible to give non sudo access to the box but allow
> them to install security updates.
Security updates can be installed automatically, and non-interactively
with 'unattended upgrades'.
Of course, the fact that they are available, and your users have the ability
to install them (or not, if it might break somthing down) may be reassuring.
You have to decide for your case.
> It is possible to give non sudo
> access and allow them to install/remove programs - maybe from a subset
> of what is available.
It is my opinion that non-tech users faced with a plethora of choices, often
get lost. Besides, they are error-prone (who isn't?), but they have an
additional problem: they may put pressure to make this whole thing go away,
if they 'don't like' it. So if they break the system, you can have a hard
time proving the system is stable for production use.
I think letting users have unlimited access to dpkg or any of it's frontend,
is as bad as giving them root/sudo access.
More information about the ubuntu-users