Re: Referring bug #166718 and the initial groups issue to the TC

To: debian-ctte@lists.debian.org
Cc: kcr@debian.org, 166718-quiet@bugs.debian.org, Sam Hartman <hartmans@debian.org>
Subject: Re: Referring bug #166718 and the initial groups issue to the TC
From: Manoj Srivastava <srivasta@debian.org>
Date: Thu, 01 Apr 2004 02:42:51 -0600
Message-id: <[🔎] 87ekr81438.fsf@glaurung.internal.golden-gryphon.com>
Mail-followup-to: debian-ctte@lists.debian.org, kcr@debian.org, 166718-quiet@bugs.debian.org, Sam Hartman <hartmans@debian.org>
In-reply-to: <20040331191500.ED78015159C@konishi-polis.mit.edu> (Sam Hartman's message of "Wed, 31 Mar 2004 14:15:00 -0500 (EST)")
References: <20040331191500.ED78015159C@konishi-polis.mit.edu>

On Wed, 31 Mar 2004 14:15:00 -0500 (EST), Sam Hartman <hartmans@debian.org> said: 

> The problem is fairly simple.  Some of our users actually want to
> use their systems once they get it installed.  Particularly, they'd
> like to be able to do things like play sound, access their floppy
> drives and cdroms, etc.  Currently, to do that, you need to be added
> to groups that have access to devices.  I think some of this comes
> from the FHS rather than just decisions internal to Debian.

> Perhaps when Debian and the FHS originally made this decision, users
> could be expected to simply add themselves to groups if they noticed
> they needed the permissions associated with these groups.  However
> as Debian has gained appeal to a wider audience and as peoples'
> expectations of usability increase, users want more reasonable
> default behavior.

> The proposal in bug #166718 and the bugs merged with it is for the
> initial user to be added to some set of groups.  Karl does not like
> this proposal because it only solves the problem for the initial
> user.  That's great until you actually start to take advantage of
> the fact your Debian system is multi-user.

	It seems to me that this ought to be local policy. Can you
 explain to me how the proposed solutions take site policy into
 account?  Would it be feasible instead have a simple way of enabling
 one or more users (perhaps a site wide list of users, with exceptions
 for services) to use a specific service?  Would there be security
 issues involved in giving wholesale access to hardware resources?

	Traditionally, UNIX has not been in the practice of
 automatically adding users to groups, and I think we need to be
 careful if we decide to break from universal practice.

	manoj
-- 
Why did the Roman Empire collapse?  What is the Latin for office
automation?
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to:

Follow-Ups:
- Re: Referring bug #166718 and the initial groups issue to the TC
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: Referring bug #166718 and the initial groups issue to the TC
  - From: Sam Hartman <hartmans@debian.org>

Next by Date: Re: Referring bug #166718 and the initial groups issue to the TC
Next by thread: Re: Referring bug #166718 and the initial groups issue to the TC
Index(es):
- Date
- Thread