Re: Debian and the desktop

To: debian-devel@lists.debian.org
Subject: Re: Debian and the desktop
From: Josselin Mouette <joss@debian.org>
Date: Tue, 13 Dec 2005 16:47:52 +0100
Message-id: <[🔎] 1134488872.24135.30.camel@silicium.ccc.cea.fr>
In-reply-to: <[🔎] 439DCEBD.2040700@hogyros.de>
References: <95b62a6d0512100249o2e44b3b9lde1d2ed680231074@mail.gmail.com> <20051210115149.GA25380@chemicalconnection.dyndns.org> <20051210121723.GA13464@lapse.madduck.net> <20051211043901.GA6390@squee.verizon.net> <20051212125905.GC24233@lapse.madduck.net> <[🔎] 20051212130553.GA17697@localhost.localdomain> <[🔎] 20051212144609.GA29365@lapse.madduck.net> <[🔎] 439D8EDE.3090401@gmail.com> <[🔎] 20051212173446.GE27880@djedefre.onera> <[🔎] 439DCEBD.2040700@hogyros.de>

Le lundi 12 décembre 2005 à 20:25 +0100, Simon Richter a écrit :
> > -default sound setup
> 
> Sound is symptomatic of a much larger class of problems, namely that 
> there is no system service that forwards resources other than display 
> and keyboard to the user currently logged in. In Unix, the default is to 
> lock people out, so in the default setup there is no sound and USB stick 
> access (the Windows way of allowing anyone to access all devices opens 
> another can of worms). What would be required is some resource 
> forwarding framework in which a priviledged process will pass out 
> handles to sound/usb/floppy/... to anyone who asks via the proper 
> channels (X11 springs to mind, as only clients belonging to the user 
> logged in should have access to the display) or presenting the proper 
> credentials. This would not be a Debian specific solution.

Currently, there are two ways of handling this situation:
- The Debian way, where this is controlled by Unix groups, and where the
default user belongs to these groups. Your message seems to imply the
opposite, and I welcome you to install a sarge system and try plugging a
USB stick or playing sound.
- The Redhat way, using pam_console. The user logging in gains rights on
some devices. The problem is that when the user logs out, there's no way
to force her to release the rights acquired. This is a limitation of the
Linux kernel, which cannot revoke privileges. AFAIK, that's why it isn't
used by default in Debian.

If you want things to move, you should provide a framework for the
kernel to handle a new revocation system call - far from an easy task.

> > -default wireless setup
> 
> This is also related to the clash of the two approaches ("multiuser 
> system with capable admin" versus "single-user personal system where all 
> users need admin priviledge to associate to new APs as they roam with 
> their laptop"). What we need is a solution that handles the in-between 
> cases as well, and it's not Debian specific either.

Some desktop tools doing that exist, but they seriously lack integration
in Debian.
-- 
 .''`.           Josselin Mouette        /\./\
: :' :           josselin.mouette@ens-lyon.org
`. `'                        joss@debian.org
   `-  Debian GNU/Linux -- The power of freedom

Reply to:

Follow-Ups:
- Re: Debian and the desktop
  - From: Simon Richter <Simon.Richter@hogyros.de>

References:
- Debian and the desktop (was: Re: Complaint about #debian operator)
  - From: Michael Banck <mbanck@debian.org>
- Re: Debian and the desktop (was: Re: Complaint about #debian operator)
  - From: martin f krafft <madduck@debian.org>
- Re: Debian and the desktop
  - From: Linas Zvirblis <0x0007@gmail.com>
- Re: Debian and the desktop
  - From: Christian Perrier <bubulle@debian.org>
- Re: Debian and the desktop
  - From: Simon Richter <Simon.Richter@hogyros.de>

Prev by Date: Re: Debian and the desktop
Next by Date: Re: question towards "freetype transition; improved library handling needed for all C/C++ packages"
Previous by thread: Re: Debian and the desktop
Next by thread: Re: Debian and the desktop
Index(es):
- Date
- Thread