[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Referring bug #166718 and the initial groups issue to the TC

On Wed, 31 Mar 2004 14:15:00 -0500 (EST), Sam Hartman <hartmans@debian.org> said: 

> The problem is fairly simple.  Some of our users actually want to
> use their systems once they get it installed.  Particularly, they'd
> like to be able to do things like play sound, access their floppy
> drives and cdroms, etc.  Currently, to do that, you need to be added
> to groups that have access to devices.  I think some of this comes
> from the FHS rather than just decisions internal to Debian.

> Perhaps when Debian and the FHS originally made this decision, users
> could be expected to simply add themselves to groups if they noticed
> they needed the permissions associated with these groups.  However
> as Debian has gained appeal to a wider audience and as peoples'
> expectations of usability increase, users want more reasonable
> default behavior.

> The proposal in bug #166718 and the bugs merged with it is for the
> initial user to be added to some set of groups.  Karl does not like
> this proposal because it only solves the problem for the initial
> user.  That's great until you actually start to take advantage of
> the fact your Debian system is multi-user.

	It seems to me that this ought to be local policy. Can you
 explain to me how the proposed solutions take site policy into
 account?  Would it be feasible instead have a simple way of enabling
 one or more users (perhaps a site wide list of users, with exceptions
 for services) to use a specific service?  Would there be security
 issues involved in giving wholesale access to hardware resources?

	Traditionally, UNIX has not been in the practice of
 automatically adding users to groups, and I think we need to be
 careful if we decide to break from universal practice.

Why did the Roman Empire collapse?  What is the Latin for office
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: