Should openSUSE review it's Security Policies?

classic Classic list List threaded Threaded
207 messages Options
123456 ... 11
Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Roger Luedecke
On Thu, 2012-03-01 at 04:14 +0100, Carlos E. R. wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 2012-03-01 04:11, James Knott wrote:
> > Carlos E. R. wrote:
> >> I can configure that Windows machine so that you can not do any of that. It
> >> is in fact the default config.
> >
> > I have never needed admin password to use WiFi in Windows.
>
> Because you are already the administrator. In my windows machine I can't
> setup the wifi network or printer.
>
> - --
> Cheers / Saludos,
>
> Carlos E. R.
> (from 11.4 x86_64 "Celadon" at Telcontar)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.16 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk9O6YcACgkQIvFNjefEBxpS4wCgq96kJNduvuA/WcOB68vra7JF
> NHoAmwcGvB/P5ivlzZzFR0z84yh/TDWk
> =cuM/
> -----END PGP SIGNATURE-----
I think we should default to the upstream (old) way. Its what is
expected. Further, if we won't we need to make a graphical tool for
editing policy kit that is GTK and qt/kde.

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Roger Oberholtzer
In reply to this post by Patrick Shanahan-2
On Wed, 2012-02-29 at 15:34 -0500, Patrick Shanahan wrote:

> * Roger Oberholtzer <[hidden email]> [02-29-12 15:28]:
> > On Wed, 2012-02-29 at 15:22 -0500, Robert Schweikert wrote:
> > >
> > > On 02/29/2012 03:13 PM, jdd wrote:
> > > > Le 29/02/2012 20:40, Larry Stotler a écrit :
> > > >> As many are aware, Linus Torvalds has started a rant about the
> > > >> security policies
> > > >
> > > > what about give sudo rights to his daugther?
> > >
> > > That was one of the suggestions in the google+ comments.
> >
> > sudo has the huge disadvantage that it opens up too much. The app can do
> > anything root can, when perhaps it is a limited thing you want to allow.
>
> No, sudo can only do that which root has allowed exceptions for sudo-user
> within /etc/sudoers.  It can be very specific or widely general.
> Exceptions *can* be set for controlling the printer, installing software,
> connecting to wireless/wired access points, ..............

Don't you mean it can only run the specific programs allowed? Then, as
root, the allowed program can do whatever it wants. You cannot restrict
it to certain things. Perhaps it is my own pet peeve about limiting
network broadcasts to root that I am focusing on. That is a single thing
I would like a user program to be able to do. I do not want full root
access in the application for this. So if some device discovery /
configuration tool is provided by an equipment supplier, I do not need
to run it as root just so it can do an initial scan of what equipment is
available. 99.999% of the task the app will do does not require root
access. As the preferred interface for transducers drifts to ethernet,
this is becoming a real big hassle.



Yours sincerely,

Roger Oberholtzer

OPQ Systems / Ramböll RST

Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696
[hidden email]
________________________________________

Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
www.rambollrst.se


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Roger Oberholtzer
In reply to this post by jdd@dodin.org
On Thu, 2012-03-01 at 00:17 +0100, jdd wrote:
> Le 29/02/2012 21:27, Roger Oberholtzer a écrit :
>
> > I think the issue is fine-grained permissions.
> >
> >
>
> read man sudoer

See my earlier response to Patrick on this. sudo is all-or-nothing for
the program. You cannot restrict a single program to a subset of root
permissions. You get them all.

I think there are these issues here:

 * What fine-grained activities currently limited to root could have
configurable access. Like my favorite: network broadcasts.

 * Which system activities need to be accessible to the user? Adding a
new printer is one such thing. I would imagine a solution like the
network manager in kde/gnome, but for a class of printer queues, would
help.

 * Some activities are already configurable. Or so one hears. Better
documentation and, perhaps, a consistent interface to configure then may
be in order.

I surely do not want the ubuntu madness of typing sudo all the time. I
am confused there the security is in that. And, anyway, if you want the
sudo method, isn't it just for you to add the commands yourself?
openSUSE has not, afaik, disabled sudo.


Yours sincerely,

Roger Oberholtzer

OPQ Systems / Ramböll RST

Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696
[hidden email]
________________________________________

Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
www.rambollrst.se


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

lynn-32
On 03/01/2012 08:38 AM, Roger Oberholtzer wrote:

> On Thu, 2012-03-01 at 00:17 +0100, jdd wrote:
>> Le 29/02/2012 21:27, Roger Oberholtzer a écrit :
>>
>>> I think the issue is fine-grained permissions.
>>>
>>>
>> read man sudoer
>
>
>   * What fine-grained activities currently limited to root could have
> configurable access. Like my favorite: network broadcasts.
>
Hi
Sorry to interfere, but Is that Wireshark? On ubuntu you can launch it
as a user. On openSUSE only root can launch it. Or at least I've not
found a way to do it.
L x

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

John Andersen-2
On 02/29/2012 11:59 PM, lynn wrote:

> On 03/01/2012 08:38 AM, Roger Oberholtzer wrote:
>> On Thu, 2012-03-01 at 00:17 +0100, jdd wrote:
>>> Le 29/02/2012 21:27, Roger Oberholtzer a écrit :
>>>
>>>> I think the issue is fine-grained permissions.
>>>>
>>>>
>>> read man sudoer
>>
>>
>>   * What fine-grained activities currently limited to root could have
>> configurable access. Like my favorite: network broadcasts.
>>
> Hi
> Sorry to interfere, but Is that Wireshark? On ubuntu you can launch it
> as a user. On openSUSE only root can launch it. Or at least I've not
> found a way to do it.
> L x
>

Wireshark uses promiscuous mode and should be root only.

--
Explain again the part about rm -rf /
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

ianseeks
In reply to this post by jdd@dodin.org
On Thursday 01 Mar 2012 00:17:20 jdd wrote:
> Le 29/02/2012 21:25, James Knott a écrit :
> > and WiFi. Should they tell their boss "Sorry I can't use my computer,
> > because I need a password to use a printer and WiFi"?
>
> yes. and add give me a simple way to do the task: give me sudo printer
> group access
>
> jdd

jdd,

Off topic question here.  What email client are you using?  Its just that
every time you reply to the same subject, it starts a new thread in my kmail.

I posted a question to KDEPIM about threading last week  and asked why it
doesn't always work.  They said that some clients don't obey all the rules
regarding information put into the email headers.


regards

Ian
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

jdd@dodin.org
In reply to this post by Jim Henderson-4
Le 01/03/2012 00:33, Jim Henderson a écrit :
> On Thu, 01 Mar 2012 00:23:02 +0100, jdd wrote:
>
>> did somebody yet notice that default install is with root passwd
>> identical to user passwd?
>
> Identical to the initial user password.  On multiuser systems, the user
> passwords aren't all valid for root, obviously. :)
>
> Jim

je use case was single user (linus daughter)

jdd

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

lynn-32
In reply to this post by John Andersen-2
On 03/01/2012 09:05 AM, jsa wrote:

> On 02/29/2012 11:59 PM, lynn wrote:
>> On 03/01/2012 08:38 AM, Roger Oberholtzer wrote:
>>> On Thu, 2012-03-01 at 00:17 +0100, jdd wrote:
>>>> Le 29/02/2012 21:27, Roger Oberholtzer a écrit :
>>>>
>>>>> I think the issue is fine-grained permissions.
>>>>>
>>>>>
>>>> read man sudoer
>>>
>>>    * What fine-grained activities currently limited to root could have
>>> configurable access. Like my favorite: network broadcasts.
>>>
>> Hi
>> Sorry to interfere, but Is that Wireshark? On ubuntu you can launch it
>> as a user. On openSUSE only root can launch it. Or at least I've not
>> found a way to do it.
>> L x
>>
> Wireshark uses promiscuous mode and should be root only.
>
But on ubuntu, I can run it as a user. Can I do that on 12.1?
L x
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Per Jessen-2
In reply to this post by ianseeks
ianseeks wrote:

> On Thursday 01 Mar 2012 00:17:20 jdd wrote:
>> Le 29/02/2012 21:25, James Knott a écrit :
>> > and WiFi. Should they tell their boss "Sorry I can't use my
>> > computer, because I need a password to use a printer and WiFi"?
>>
>> yes. and add give me a simple way to do the task: give me sudo
>> printer group access
>>
>> jdd
>
> jdd,
>
> Off topic question here.  What email client are you using?  Its just
> that every time you reply to the same subject, it starts a new thread
> in my kmail.

It looks like jdd posted via gmane - threading works fine in knode
though. The References: header looks good.



--
Per Jessen, Zürich (5.9°C)

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Dmitry A. Ashkadov
In reply to this post by lynn-32
01.03.2012 11:59, lynn пишет:

> On 03/01/2012 08:38 AM, Roger Oberholtzer wrote:
>> On Thu, 2012-03-01 at 00:17 +0100, jdd wrote:
>>> Le 29/02/2012 21:27, Roger Oberholtzer a écrit :
>>>
>>>> I think the issue is fine-grained permissions.
>>>>
>>>>
>>> read man sudoer
>>
>>
>>   * What fine-grained activities currently limited to root could have
>> configurable access. Like my favorite: network broadcasts.
>>
> Hi
> Sorry to interfere, but Is that Wireshark? On ubuntu you can launch it
> as a user. On openSUSE only root can launch it. Or at least I've not
> found a way to do it.
> L x
>
Wireshark? Interesting. If I start it using double click on icon on
desktop when it asks me root password. If I open konsole and type
wireshark when it doesn't ask me password.
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Dmitry A. Ashkadov
In reply to this post by John Andersen-2
01.03.2012 12:05, jsa пишет:

> On 02/29/2012 11:59 PM, lynn wrote:
>> On 03/01/2012 08:38 AM, Roger Oberholtzer wrote:
>>> On Thu, 2012-03-01 at 00:17 +0100, jdd wrote:
>>>> Le 29/02/2012 21:27, Roger Oberholtzer a écrit :
>>>>
>>>>> I think the issue is fine-grained permissions.
>>>>>
>>>>>
>>>> read man sudoer
>>>
>>>    * What fine-grained activities currently limited to root could have
>>> configurable access. Like my favorite: network broadcasts.
>>>
>> Hi
>> Sorry to interfere, but Is that Wireshark? On ubuntu you can launch it
>> as a user. On openSUSE only root can launch it. Or at least I've not
>> found a way to do it.
>> L x
>>
> Wireshark uses promiscuous mode and should be root only.
>
To open tcpdump's dump in wireshark I don't need root password.
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Michael Hamilton
In reply to this post by ianseeks
On Thu, 01 Mar 2012 21:14:55 ianseeks wrote:
> On Thursday 01 Mar 2012 00:17:20 jdd wrote:
> > ...
>
> Off topic question here.  What email client are you using?  Its just that
> every time you reply to the same subject, it starts a new thread in my kmail.
> ...

Threading of jdd's messages is OK in my kmail (1.13.6).
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

ianseeks
On Thursday 01 Mar 2012 22:46:22 [hidden email] wrote:
> On Thu, 01 Mar 2012 21:14:55 ianseeks wrote:
> > On Thursday 01 Mar 2012 00:17:20 jdd wrote:
> > > ...
> >
> > Off topic question here.  What email client are you using?  Its just that
> > every time you reply to the same subject, it starts a new thread in my
> > kmail. ...
>
> Threading of jdd's messages is OK in my kmail (1.13.6).

i'm on Kmail 4.8.0 (according to the Help) but i presume its Kmail 2.??

jdd is not the only one where i get split threads. I can also get it with
other people where it sometimes works okay and sometimes it creates a new
thread.
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Roger Oberholtzer
In reply to this post by lynn-32
On Thu, 2012-03-01 at 08:59 +0100, lynn wrote:

> On 03/01/2012 08:38 AM, Roger Oberholtzer wrote:
> > On Thu, 2012-03-01 at 00:17 +0100, jdd wrote:
> >> Le 29/02/2012 21:27, Roger Oberholtzer a écrit :
> >>
> >>> I think the issue is fine-grained permissions.
> >>>
> >>>
> >> read man sudoer
> >
> >
> >   * What fine-grained activities currently limited to root could have
> > configurable access. Like my favorite: network broadcasts.
> >
> Hi
> Sorry to interfere, but Is that Wireshark? On ubuntu you can launch it
> as a user. On openSUSE only root can launch it. Or at least I've not
> found a way to do it.

It is software and, more importantly, libraries provided by equipment
vendors. For example, these companies provide SDKs for Linux that have
as part of their procedure the desire to do a network broadcast to
locate things:

        SICK AG
(http://www.sick.com)

        JAI A/S
(http://www.jai.com/en/)

        Allied Vision Technologies
(http://www.alliedvisiontec.com/emea/home.html)

        Basler
(http://www.baslerweb.com)

        LMI Selcom
(http://www.lmi3d.com/)

There are many more. They too complain that Linux sometimes makes it
more difficult to implement transducer queries than 'the other OS'.
Their techniques are similar to mDNS and such things.

I would use these in my application, as one does. I do NOT repeat NOT
want to run measurement software as root just to satisfy this need.

> L x
>

Yours sincerely,

Roger Oberholtzer

OPQ Systems / Ramböll RST

Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696
[hidden email]
________________________________________

Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
www.rambollrst.se


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Marcus Meissner
On Thu, Mar 01, 2012 at 11:27:36AM +0100, Roger Oberholtzer wrote:

> On Thu, 2012-03-01 at 08:59 +0100, lynn wrote:
> > On 03/01/2012 08:38 AM, Roger Oberholtzer wrote:
> > > On Thu, 2012-03-01 at 00:17 +0100, jdd wrote:
> > >> Le 29/02/2012 21:27, Roger Oberholtzer a écrit :
> > >>
> > >>> I think the issue is fine-grained permissions.
> > >>>
> > >>>
> > >> read man sudoer
> > >
> > >
> > >   * What fine-grained activities currently limited to root could have
> > > configurable access. Like my favorite: network broadcasts.
> > >
> > Hi
> > Sorry to interfere, but Is that Wireshark? On ubuntu you can launch it
> > as a user. On openSUSE only root can launch it. Or at least I've not
> > found a way to do it.
>
> It is software and, more importantly, libraries provided by equipment
> vendors. For example, these companies provide SDKs for Linux that have
> as part of their procedure the desire to do a network broadcast to
> locate things:
>
> SICK AG
> (http://www.sick.com)
>
> JAI A/S
> (http://www.jai.com/en/)
>
> Allied Vision Technologies
> (http://www.alliedvisiontec.com/emea/home.html)
>
> Basler
> (http://www.baslerweb.com)
>
> LMI Selcom
> (http://www.lmi3d.com/)
>
> There are many more. They too complain that Linux sometimes makes it
> more difficult to implement transducer queries than 'the other OS'.
> Their techniques are similar to mDNS and such things.
>
> I would use these in my application, as one does. I do NOT repeat NOT
> want to run measurement software as root just to satisfy this need.

But this is not really related to the topic of Desktop security that Linus
was mostly ranting about.

(I do not exactly understand the issues at hand here though.)

Ciao, Marcus
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Roger Oberholtzer
On Thu, 2012-03-01 at 11:30 +0100, Marcus Meissner wrote:

> On Thu, Mar 01, 2012 at 11:27:36AM +0100, Roger Oberholtzer wrote:
> > On Thu, 2012-03-01 at 08:59 +0100, lynn wrote:
> > > On 03/01/2012 08:38 AM, Roger Oberholtzer wrote:
> > > > On Thu, 2012-03-01 at 00:17 +0100, jdd wrote:
> > > >> Le 29/02/2012 21:27, Roger Oberholtzer a écrit :
> > > >>
> > > >>> I think the issue is fine-grained permissions.
> > > >>>
> > > >>>
> > > >> read man sudoer
> > > >
> > > >
> > > >   * What fine-grained activities currently limited to root could have
> > > > configurable access. Like my favorite: network broadcasts.
> > > >
> > > Hi
> > > Sorry to interfere, but Is that Wireshark? On ubuntu you can launch it
> > > as a user. On openSUSE only root can launch it. Or at least I've not
> > > found a way to do it.
> >
> > It is software and, more importantly, libraries provided by equipment
> > vendors. For example, these companies provide SDKs for Linux that have
> > as part of their procedure the desire to do a network broadcast to
> > locate things:
> >
> > SICK AG
> > (http://www.sick.com)
> >
> > JAI A/S
> > (http://www.jai.com/en/)
> >
> > Allied Vision Technologies
> > (http://www.alliedvisiontec.com/emea/home.html)
> >
> > Basler
> > (http://www.baslerweb.com)
> >
> > LMI Selcom
> > (http://www.lmi3d.com/)
> >
> > There are many more. They too complain that Linux sometimes makes it
> > more difficult to implement transducer queries than 'the other OS'.
> > Their techniques are similar to mDNS and such things.
> >
> > I would use these in my application, as one does. I do NOT repeat NOT
> > want to run measurement software as root just to satisfy this need.
>
> But this is not really related to the topic of Desktop security that Linus
> was mostly ranting about.

Well, these suppliers provide, quite often, QT apps that allow one to
configure their devices. They need to first locate them. A network
broadcast is what they would like to do. Except on Linux this requires
root permissions. So, the user mode gui that is going to configure an
external device (not the local Linux system really) is prevented from
doing so because broadcasts are limited to root.

Different situation. But caused by the exact same core issue. I thought
it was relevant because if one focuses on making the squeaky wheel
desktop apps work, the root problem (pun intended) remains. What is
needed is a general approach to these permissions.

As to the printer things: isn't it mainly configuration file access that
is the problem? Why not an lpadmin group to which users could be added,
and that the changeable files and directories would belong? In much the
same way /dev access is controlled.



Yours sincerely,

Roger Oberholtzer

OPQ Systems / Ramböll RST

Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696
[hidden email]
________________________________________

Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
www.rambollrst.se


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Roger Oberholtzer
In reply to this post by James Knott
On Wed, 2012-02-29 at 21:53 -0500, James Knott wrote:

> jdd wrote:
> > did somebody yet notice that default install is with root passwd
> > identical to user passwd?
> >
> > sure I never let this go through, but this solve definitively the problem
> >
> > jdd
> >
>
> How does it solve the problem if an employer doesn't want to give
> employees root access, but expects them you be able to use WiFi?

Hmm. I use WiFi in three offices, hotels, home, and wherever. On KDE I
set it up via network manager. I am never root for that. Same with wired
connections. I think the problem is that network manager seems to have
gone through a bad stretch where it could, in some updates, stop
working. That, for wifi on openSUSE, is the issue. I do not know if the
gnome equivalent has had such a seemingly turbulent recent history.



Yours sincerely,

Roger Oberholtzer

OPQ Systems / Ramböll RST

Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696
[hidden email]
________________________________________

Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
www.rambollrst.se


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Per Jessen-2
In reply to this post by Roger Oberholtzer
Roger Oberholtzer wrote:

> Well, these suppliers provide, quite often, QT apps that allow one to
> configure their devices. They need to first locate them. A network
> broadcast is what they would like to do. Except on Linux this requires
> root permissions.

I'm not at all sure, but isn't this managed with capabilities?  There is
a CAP_NET_BROADCAST (although the man page says "unused").



--
Per Jessen, Zürich (9.3°C)

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

James Knott
In reply to this post by Carlos E. R.-2
Carlos E. R. wrote:
>> I have never needed admin password to use WiFi in Windows.
> Because you are already the administrator. In my windows machine I can't
> setup the wifi network or printer.

Please read my other note, where I said I run as a user, with separate
admin account.

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

James Knott
In reply to this post by Roger Oberholtzer
Roger Oberholtzer wrote:
>> How does it solve the problem if an employer doesn't want to give
>> >  employees root access, but expects them you be able to use WiFi?
> Hmm. I use WiFi in three offices, hotels, home, and wherever. On KDE I
> set it up via network manager. I am never root for that. Same with wired
> connections. I think the problem is that network manager seems to have
> gone through a bad stretch where it could, in some updates, stop
> working. That, for wifi on openSUSE, is the issue. I do not know if the
> gnome equivalent has had such a seemingly turbulent recent history.

In 12.1, you need root password to initially configure a WiFi
connection.  Once that's done, you can use it without root password.  
Earlier versions did not require root password to establish a connection.

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

123456 ... 11