[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#575309: user-setup: Should stop adding first user to device access groups

On Wednesday 24 March 2010, Petter Reinholdtsen wrote:
> > What about (server) systems that don't have consolekit installed?
> Yes, what about them?

On such systems the first user would be left without expected default 
access to devices.

> If the local user to have special privileges, one should install the
> packages providing such privileges to the local user.

There's more way than one to Rome. Group membership is a traditional and 
still valid way to provide rights. Having packages like consolekit 
installed is not a requirement.

> > What harm do the current group assignments do? After all, we're only
> > talking about the first user here!
> It grant local device access to a user that should not have it.  The
> first user should not have local device access, unless that user is
> logged in locally on the machine console.

Why should that user not have it? For the purpose of D-I installations the 
first user is defined as being the admin and/or console user of the 
If you install systems where the first user does not hold that role, you 
should disable creation of the first user account during installation, or 
tune the default groups he's made a member of.

I disagree with this proposed change. IMO the default group assignments are 
in line with the purpose of the first user account.


Reply to: