diff options
| author | Tails developers <amnesia@boum.org> | 2014-12-19 00:40:08 +0100 |
|---|---|---|
| committer | Holger Levsen <holger@layer-acht.org> | 2014-12-21 09:45:40 +0100 |
| commit | 51680b6ebb645d37ebdfcd122ca163b3a638aefa (patch) | |
| tree | 337e128d2eac3cbc89ecbacf38851bfa33469cd5 /features/root_access_control.feature | |
| parent | 44bab3c86ca3d95837f4c50cc535206352385a46 (diff) | |
| download | jenkins.debian.net-51680b6ebb645d37ebdfcd122ca163b3a638aefa.tar.xz | |
files copied from https://git-tails.immerda.ch/tails - many thanks to the tails developers for their nice work and documentation of it - these files have been released under the GNU General Public License version 3 or (at your option) any later version
features/images has been omitted
Diffstat (limited to 'features/root_access_control.feature')
| -rw-r--r-- | features/root_access_control.feature | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/features/root_access_control.feature b/features/root_access_control.feature new file mode 100644 index 00000000..9aa45de8 --- /dev/null +++ b/features/root_access_control.feature @@ -0,0 +1,44 @@ +@product +Feature: Root access control enforcement + As a Tails user + when I set an administration password in Tails Greeter + I can use the password for attaining administrative privileges. + But when I do not set an administration password + I should not be able to attain administration privileges at all. + + Background: + Given a computer + And the network is unplugged + And I start the computer + And the computer boots Tails + And I save the state so the background can be restored next scenario + + Scenario: If an administrative password is set in Tails Greeter the live user should be able to run arbitrary commands with administrative privileges. + Given I enable more Tails Greeter options + And I set sudo password "asdf" + And I log in to a new session + And Tails Greeter has dealt with the sudo password + Then I should be able to run administration commands as the live user + + Scenario: If no administrative password is set in Tails Greeter the live user should not be able to run arbitrary commands administrative privileges. + Given I log in to a new session + And Tails Greeter has dealt with the sudo password + Then I should not be able to run administration commands as the live user with the "" password + And I should not be able to run administration commands as the live user with the "amnesia" password + And I should not be able to run administration commands as the live user with the "live" password + + Scenario: If an administrative password is set in Tails Greeter the live user should be able to get administrative privileges through PolicyKit + Given I enable more Tails Greeter options + And I set sudo password "asdf" + And I log in to a new session + And Tails Greeter has dealt with the sudo password + And GNOME has started + And running a command as root with pkexec requires PolicyKit administrator privileges + Then I should be able to run a command as root with pkexec + + Scenario: If no administrative password is set in Tails Greeter the live user should not be able to get administrative privileges through PolicyKit with the standard passwords. + Given I log in to a new session + And Tails Greeter has dealt with the sudo password + And GNOME has started + And running a command as root with pkexec requires PolicyKit administrator privileges + Then I should not be able to run a command as root with pkexec and the standard passwords |