Bug#575309: user-setup: Should stop adding first user to device access groups
On Wednesday 24 March 2010, Petter Reinholdtsen wrote:
> > What about (server) systems that don't have consolekit installed?
>
> Yes, what about them?
On such systems the first user would be left without expected default
access to devices.
> If the local user to have special privileges, one should install the
> packages providing such privileges to the local user.
There's more way than one to Rome. Group membership is a traditional and
still valid way to provide rights. Having packages like consolekit
installed is not a requirement.
> > What harm do the current group assignments do? After all, we're only
> > talking about the first user here!
>
> It grant local device access to a user that should not have it. The
> first user should not have local device access, unless that user is
> logged in locally on the machine console.
Why should that user not have it? For the purpose of D-I installations the
first user is defined as being the admin and/or console user of the
system.
If you install systems where the first user does not hold that role, you
should disable creation of the first user account during installation, or
tune the default groups he's made a member of.
I disagree with this proposed change. IMO the default group assignments are
in line with the purpose of the first user account.
Cheers,
FJP
Reply to: