From 51680b6ebb645d37ebdfcd122ca163b3a638aefa Mon Sep 17 00:00:00 2001 From: Tails developers Date: Fri, 19 Dec 2014 00:40:08 +0100 Subject: files copied from https://git-tails.immerda.ch/tails - many thanks to the tails developers for their nice work and documentation of it - these files have been released under the GNU General Public License version 3 or (at your option) any later version features/images has been omitted --- features/root_access_control.feature | 44 ++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 features/root_access_control.feature (limited to 'features/root_access_control.feature') diff --git a/features/root_access_control.feature b/features/root_access_control.feature new file mode 100644 index 00000000..9aa45de8 --- /dev/null +++ b/features/root_access_control.feature @@ -0,0 +1,44 @@ +@product +Feature: Root access control enforcement + As a Tails user + when I set an administration password in Tails Greeter + I can use the password for attaining administrative privileges. + But when I do not set an administration password + I should not be able to attain administration privileges at all. + + Background: + Given a computer + And the network is unplugged + And I start the computer + And the computer boots Tails + And I save the state so the background can be restored next scenario + + Scenario: If an administrative password is set in Tails Greeter the live user should be able to run arbitrary commands with administrative privileges. + Given I enable more Tails Greeter options + And I set sudo password "asdf" + And I log in to a new session + And Tails Greeter has dealt with the sudo password + Then I should be able to run administration commands as the live user + + Scenario: If no administrative password is set in Tails Greeter the live user should not be able to run arbitrary commands administrative privileges. + Given I log in to a new session + And Tails Greeter has dealt with the sudo password + Then I should not be able to run administration commands as the live user with the "" password + And I should not be able to run administration commands as the live user with the "amnesia" password + And I should not be able to run administration commands as the live user with the "live" password + + Scenario: If an administrative password is set in Tails Greeter the live user should be able to get administrative privileges through PolicyKit + Given I enable more Tails Greeter options + And I set sudo password "asdf" + And I log in to a new session + And Tails Greeter has dealt with the sudo password + And GNOME has started + And running a command as root with pkexec requires PolicyKit administrator privileges + Then I should be able to run a command as root with pkexec + + Scenario: If no administrative password is set in Tails Greeter the live user should not be able to get administrative privileges through PolicyKit with the standard passwords. + Given I log in to a new session + And Tails Greeter has dealt with the sudo password + And GNOME has started + And running a command as root with pkexec requires PolicyKit administrator privileges + Then I should not be able to run a command as root with pkexec and the standard passwords -- cgit v1.2.3-70-g09d2