[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Referring bug #166718 and the initial groups issue to the TC

hartmans@debian.org (Sam Hartman) writes:

> The problem is fairly simple.  Some of our users actually want to use
> their systems once they get it installed.


> Perhaps when Debian and the FHS originally made this decision, users
> could be expected to simply add themselves to groups if they noticed
> they needed the permissions associated with these groups.  However as
> Debian has gained appeal to a wider audience and as peoples'
> expectations of usability increase,  users want more reasonable
> default behavior.

If we're talking about single-user machines with a graphics card for a console,
then I certainly agree.  We need to be careful to avoid a change that makes
things worse (less secure, etc) for headless systems like servers, though.

> The Redhat pam_console module does seem to do roughly what we want .

The idea of conditionalizing access rights on the basis of whether a user
currently controls "the console" feels to me like exactly the right way to 
approach this issue.  I haven't studied pam_console, and so don't have a strong
opinion on whether it's the right hunk of code or not.


Reply to: