[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: warn user about first accounts privs

(btw, I don't subscribe to -boot, so a CC's are appreciated)

Frans Pop said:
> It certainly cannot be committed anymore before the release of Etch as
> we have a string freeze (except in exceptional cases).


> TBH, I don't see how a clear kernel/udev issue can be mitigated by 
> something as trivial as this. As if random users will understand what
> the implications are of being a member of certain groups. IMO this is just 
> papering over the issue. Professional sysadmins can be expected to
> check what groups an automatically created account is a member of
> (and will probably not create the first account to be given out to
> any random user anyway).

I completely agree that this is no fix for #404927, never meant to
imply that. In that report you'll see that we plan to deal with this
issue by overriding groups for specific devices in udev while
hopefully getting the kernel fixed upstream in the meantime.

I personally was surprised to see that the first user was added to
additional groups and, had I known that, there are times I would've
elected not to create that user at that time. (Most of my installs are
servers, where these default groups don't make sense). I'm curious if
I'm the only experienced admin who didn't notice and is surprised.
I do agree that its somewhat minor - the first user is usually going
to be a person w/ root privs, and the group privs should normally be
pretty safe - except when bugs like #404927 pop up.

Maybe after etch I'll propse a patch that adds an extra checkbox
(default to yes) that asks users (in expert mode) if they want to be
added to a set of typical desktop user groups.

dann frazier

Reply to: