Torvalds Calls OpenSUSE Security 'Too Intrusive'

jfruh writes "The balance between security and ease of use is always a tricky one to strike, and Linux distros tend to err on the side of caution. But no less a luminary than Linus Torvalds thinks openSUSE has gone too far. When his kid needed to call from school for the root password just so he could add a printer to a laptop, that's when Linus decided things had gone off the rails."

Re:What an ass

[Rhacman]

If I understand correctly this in effect would be giving that user root priviledges. I think his complaint was that an ordinary task like adding a printer required that level of priviledge, not that it was inconvinient to do. It sounded like he wanted to administer his childs laptop without giving them free reign over it.

Re:Only root?

[fuzzyfuzzyfungus]

Only if your printer sucked. If you had a real printer you could just cat the postscript to whatever device it was connected to...

Re:What an ass

[John Hasler]

If I understand correctly this in effect would be giving that user root priviledges.

You don't. The whole point of sudo is that it gives you fine-grained control over the privileges of each user.

Re:Only root?

[busyqth]

Back in the day postscript didn't exist.
"lp0" stands for "Line Printer 0" -- you know, 132 columns, tractor feed, green-and-white-striped paper, massive clattering mechanical wheels spinning.
Now GET OFF MY LAWN!

Re:Only root?

[Anonymous Coward]

That's because there was this thing called a "line printer device driver" that was... wait for it... compiled into the kernel.

Re:What an ass

[softwareGuy1024]

You don't. The whole point of sudo is that it gives you fine-grained control over the privileges of each user.

sudo, is used to run as root. The point is to allow the user to do a quick operation with root permissions, then go back to running as a normal user. It doesn't "give you fine-grained control over the privileges of each user."

Re:Only root?

[Grishnakh]

There's some different issues here. Postscript (or PDF) printers are definitely superior to others, for good reason: they accept documents in a standardized format, and don't require special drivers. The only "drivers" needed are extremely simple, mainly to tell CUPS how many trays your printer has, and let you select the input and output trays, select duplexing, stuff like that.

Drivers that don't accept Postscript (or at least some other de facto standard like HP's PCL) have to have special drivers to convert your PS/PDF file into something the printer can understand, which isn't just a document description language, but rather something more like machine code to tell the printer exactly how to move the print head around and spray ink--these cheapo printers don't have much in the way of processing power, and rely on the host to do the processing for it. This means you need a special driver (which doesn't necessarily mean kernel driver, usually these printer drivers just run in userspace), which of course has to be supplied by the manufacturer since they're the only ones who really know how the printer works inside. Everyone even semi-knowledgable about computers should know by now that relying on mfgrs to supply drivers for Linux is generally a losing proposition, so these el cheapo printers should be avoided at all costs.

Setting up Linux to print to any decent office printer is usually a very simple affair: just find the printer, then select the manufacturer and model from the huge lists provided by CUPS, and off you go. Whether it's an HP LaserJet, a Ricoh, a Xerox, etc., it can print to any of these things. But a $30 piece of shit inkjet? Forget it. This has been the case for as long as $30 inkjets have been around, and hasn't changed, and it probably isn't going to change either, unless at some point in the future MS's near-monopoly collapses and Linux desktop systems start becoming popular (sort of like the way that many different phone makers sell their phones with different versions of Android on them, and these are doing quite well in the marketplace).

Re:Only root?

[jedidiah]

> The biggest problems with Linux are still device support and compatibility with what the user wants to do.

Nonsense.

The main problems are some notable highly proprietary walled garden holdouts and the dregs of the PC platform. For the rest, the level of support in Linux is not nearly as bad as some trolls would have you believe.

Linux faces similar challenges to MacOS in this regard.

Re:What an ass

[chuckinator]

Go in to the linux box you supposedly own and type 'man 5 sudoers'. You can specify which programs a user can run as root with fine grained controls that only allow specific users or specific groups to run only specific programs. It is not an all or nothing tool even if a majority of lazy sysadmins use it that way. If it didn't have that level control, there would be no point in using it over /bin/su.

Re:Only root?

[Grishnakh]

Not quite. There's never been printer device drivers compiled into the kernel. There were printer port drivers, but that's different; they just set up a virtual device at /dev/lp0 (or "PRN" in the case of DOS), and let you send data to it, so the data comes out the DB25 port on your PC. They had no control over the printer whatsoever.

Those old dot-matrix printers accepted ASCII text input, along with some control codes (other ASCII characters). So once you had a way to send ASCII data over the cable, the printer would just print anything you sent it, as-is. There was no "driver" needed at all.

Re:Only root?

[omnichad]

And it really shouldn't be that hard. If you make a print driver for Mac OS X, you likely already have a CUPS ppd created.

Re:Only root?

[Kjella]

Setting up Linux to print to any decent office printer is usually a very simple affair: just find the printer, then select the manufacturer and model from the huge lists provided by CUPS, and off you go. Whether it's an HP LaserJet, a Ricoh, a Xerox, etc., it can print to any of these things. But a $30 piece of shit inkjet? Forget it

Here's a $30 printer [amazon.co.uk] that works perfectly [openprinting.org] under Linux, not that I've tried this particular one. It's more a matter of brand than price, some companies just have shit support and others are quite good.